Site to site VPN with one dynamic IP
fid500
Hello,
I am trying to set up a site to site VPN with one side static and the other dynamic for redundancy purposes. I have an ASA 5505 in the remote site and 5510 in the central site. Can someone please direct me to some documentation or shed some light on how to do this? Both ASAs are running 8.0.
Thanks
Comments
kalebksp
PIX/ASA 7.x and later: Dynamic IPsec Between a Statically addressed PIX and a Dynamically addressed IOS Router with NAT Configuration Example - Cisco Systems - Shows how to do it between a router and a PIX. It shouldn't be too hard to translate it for a pair of ASAs.
When I had to do this I also increased the timeouts since the central site won't be able to initiate the tunnel. Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions - Cisco Systems
fid500
kalebksp, thanks for your response.
I have the setup working, only one little issue. When I have both links up, the traffic is routed through MPLS; that's the desired route. When I disconnect the MPLS link, the traffic goes through the site to site VPN, so far so good. However, when I bring the MPLS back and check the route table, I have the MPLS link as the best route to my central network, but the traffic stays on the VPN link. It doesn't fail to the MPLS. I have two IP SLA tracking with lower metric to the MPLS link.
Can anyone shed some light on this? Why does the VPN stay up?
Thanks