VPN Failover Question
I have what I thought was a simple task, but I am having trouble figuring out how to implement it. I currently have a Cisco 5510 connected to an internet router and an MPLS router. The MPLS connection is new, and we previously communicated with our branch office subnets through a VPN tunnel I have configured on the ASA. Now that we are getting an MPLS connection, traffic destined for the branch subnets will go through the MPLS connection. However, I still want to keep the VPN as a failover in the event MPLS fails. I'm just not sure how I can tell the ASA to use the VPN only if the MPLS connection is down. Does anyone know: if I have both a VPN connection and static routes for the same remote subnets pointing to my MPLS router, will the ASA prefer the static routes and only use the VPN if the routes are not in the table? Any information would be appreciated.
Comments
ASA/PIX 7.x: Redundant or Backup ISP Links Configuration Example - Cisco Systems
Use a routing protocol to pick the best path, which I assume will be the MPLS.
+1 - I was going to suggest this... however, burbank already covered it... Let a routing protocol make the decision... have a higher metric on the GRE routing protocol's adjacency over the IPSec VPN.
Thus MPLS VPN will always be preferred unless it is down....
If it's not possible to deploy this... then tracked routes would be the way to go...
That is correct... for egress traffic NAT is after routing.... for ingress traffic to the ASA NAT is before routing..
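The tracked-route approach mentioned in the replies, sketched as an ASA configuration. This is an added example, not configuration posted by anyone in the thread. The interface names, the addresses, and SLA/track IDs are constructed placeholders, and it assumes the existing crypto map on the outside interface already matches traffic to the branch subnet.

```cisco
! Added example; every name and address below is a constructed placeholder.
! Assumptions:
!   - interface "mpls" faces the MPLS router, next hop 10.1.1.2
!   - the branch subnet is 10.20.0.0/16
!   - 192.0.2.10 is a branch-side address reachable only across the MPLS
!   - the crypto map on "outside" already matches traffic to 10.20.0.0/16

! Pin the probe target to the MPLS path with an untracked host route,
! so the probe can never succeed by riding the VPN.
route mpls 192.0.2.10 255.255.255.255 10.1.1.2 1

! ICMP echo probe toward the far end of the MPLS link.
sla monitor 10
 type echo protocol ipIcmpEcho 192.0.2.10 interface mpls
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now

! Track object that follows the probe's reachability.
track 1 rtr 10 reachability

! The branch route is installed only while the probe succeeds.
route mpls 10.20.0.0 255.255.0.0 10.1.1.2 1 track 1

! Existing default route. Once the tracked route is withdrawn, branch
! traffic follows this route to "outside" and is matched by the crypto map.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
```

`show track 1` and `show route` confirm whether the tracked route is currently installed. Probing a far-end address rather than the local MPLS router catches failures inside the provider network, not just on the local link.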