Forum Discussion
VPN redundancy behind F5 LC
We have a Local ASA with 2 ISPs and a Remote ASA with 1 ISP. The remote ASA will establish a site to site VPN to local ASA ISP 1. If ISP 1 is unable to connect it will connect through ISP 2 automatically.
Link Controller

Create a Pool
Name = VPN_Pool
Member = "ip of cisco ASA outside interface" 10.20.1.0:0

Create 2 Virtual Server
Name = ISP_1
Address = 1.1.1.1:0 "Public IP from ISP_1"
Type = Performance (Layer 4)
Default Pool = VPN_Pool

Name = ISP_2
Address = 2.2.2.2:0 "Public IP from ISP_2"
Type = Performance (Layer 4)
Default Pool = VPN_Pool
Remote Cisco ASA Create Site to Site VPN between remote ASA and Local ASA ISP 1 1.1.1
Remote Cisco ASA Command to allow site to Site VPN failover to 2nd ISP
This command assumes the following.
* There is only 1 site to site VPN on the remote ASA using Crypto map 1
* Use the same pre-share-key password as ISP 1 VPN pre-share
crypto map outside_map 1 set peer 1.1.1.1 2.2.2.2
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 pre-shared-key ********** (Password)
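Added example, not part of the original post: a small Python check that every peer listed in a `crypto map ... set peer` line has a matching `ipsec-l2l` tunnel-group with a pre-shared key, since a backup peer without one cannot bring the tunnel up on failover. The sample config is constructed, and the function name `audit_failover_peers` and the line layout it parses are assumptions.

```python
import re

# Constructed sample: remote ASA config fragment with masked keys.
SAMPLE_CONFIG = """\
crypto map outside_map 1 set peer 1.1.1.1 2.2.2.2
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
 pre-shared-key *****
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 pre-shared-key *****
"""

PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (.+)$")
TYPE_RE = re.compile(r"^tunnel-group (\S+) type (\S+)$")
ATTR_RE = re.compile(r"^tunnel-group (\S+) ipsec-attributes$")

def audit_failover_peers(config):
    """Return {(map_name, seq): [problems]} for each crypto map peer list."""
    peers, l2l, keyed, current = {}, set(), set(), None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if raw[0].isspace():
            # Indented line: sub-command of the open tunnel-group block.
            if current and "pre-shared-key" in line.split():
                keyed.add(current)
            continue
        current = None
        if m := PEER_RE.match(line):
            peers[(m.group(1), int(m.group(2)))] = m.group(3).split()
        elif m := TYPE_RE.match(line):
            if m.group(2) == "ipsec-l2l":
                l2l.add(m.group(1))
        elif m := ATTR_RE.match(line):
            current = m.group(1)
    report = {}
    for entry, addrs in peers.items():
        problems = []
        if len(addrs) < 2:
            problems.append("no backup peer configured")
        for ip in addrs:
            if ip not in l2l:
                problems.append(f"{ip}: no ipsec-l2l tunnel-group")
            if ip not in keyed:
                problems.append(f"{ip}: no pre-shared-key")
        report[entry] = problems
    return report
```

An empty problem list for a crypto map entry means both the primary and the backup peer have the tunnel-group settings the failover depends on.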