Link Controller and Cisco ASA VPN questions

Question

I have a link controller with multiple ISP's it is handling routing for along with some Cisco ASA's that need to establish VPN connections to other Cisco ASA's on the internet. Does anyone have an elegant way of accomplishing failover if the link with the priority goes down? Any help would be greatly appreciated.

&nbsp;

&nbsp; &nbsp;

&nbsp;

&nbsp; &nbsp;

chris_miller · Answer

I'll try to put something together today for this.

chris_miller · Answer

I'd create an outbound pool that contained both links and use priority group activation so link 2 is only used if link 1 is down. Since you'll need to SNAT traffic outbound to match the inbound, you'll want to do a SNAT Pool with the necessary addresses and an iRule that basically says "if this pool member is used, snat to this address." 
&nbsp;  
&nbsp; Let me know where you'd like me to elaborate.

Forum Discussion

Link Controller and Cisco ASA VPN questions

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

JWT authorization with NGINX Ingress Controller

F5 Distributed Cloud (XC) Global Applications Load Balancing in Cisco ACI

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Distributed caching of authentication requests with NGINX Ingress Controller

Overview of API Access Control and implementing API key access control with BIG-IP APM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS