We have a local ASA with 2 ISPs and a remote ASA with 1 ISP.
The remote ASA will establish a site-to-site VPN to the local ASA through ISP 1. If it is unable to connect to ISP 1, it will connect through ISP 2 automatically.
Link Controller
Create a Pool
Name = VPN_Pool
Member = 10.20.1.0:0 “IP of Cisco ASA outside interface”
Create 2 Virtual Servers
Name = ISP_1
Address = 1.1.1.1:0 “Public IP from ISP_1”
Type = Performance (Layer 4)
Default Pool = VPN_Pool
Name = ISP_2
Address = 2.2.2.2:0 “Public IP from ISP_2”
Type = Performance (Layer 4)
Default Pool = VPN_Pool
Remote Cisco ASA
Create Site to Site VPN between remote ASA and Local ASA ISP 1 1.1.1
Remote Cisco ASA commands to allow site-to-site VPN failover to the 2nd ISP
These commands assume the following:
There is only 1 site-to-site VPN on the remote ASA, using crypto map 1
The pre-shared key is the same as the one used for the ISP 1 VPN
crypto map outside_map 1 set peer 1.1.1.1 2.2.2.2
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
! ********** is the pre-shared key (password), the same one used for the ISP 1 tunnel
 pre-shared-key **********
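
A common reason the failover never happens is that the second peer is added to the crypto map but its tunnel-group or pre-shared key is missing. The following is an added example, not part of the original procedure: a Python check run over saved remote ASA configuration text. The function name and the sample configs are constructed for illustration; the addresses are the placeholders used above.

```python
import re

# Constructed sample: the tunnel-group for the second peer was never created.
SAMPLE_MISSING = """\
crypto map outside_map 1 set peer 1.1.1.1 2.2.2.2
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
 pre-shared-key *****
"""
# Constructed sample: both peers have a tunnel-group and a key.
SAMPLE_OK = SAMPLE_MISSING + """\
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 pre-shared-key *****
"""

def check_failover_peers(config, map_name="outside_map", seq=1):
    """Return a list of problems that would stop failover to a backup peer."""
    peers, l2l, keyed, current = [], set(), set(), None
    peer_re = rf"crypto map {re.escape(map_name)} {seq} set peer (.+)"
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(peer_re, line):
            peers = m.group(1).split()
        elif m := re.match(r"tunnel-group (\S+) type ipsec-l2l$", line):
            l2l.add(m.group(1))
        elif m := re.match(r"tunnel-group (\S+) ipsec-attributes$", line):
            current = m.group(1)
        elif not raw.startswith(" "):
            current = None  # a non-indented line ends the sub-command block
        elif current and re.match(r"(ikev1 )?pre-shared-key \S+", line):
            keyed.add(current)  # newer ASA releases prefix the key with "ikev1"
    problems = []
    if len(peers) < 2:
        problems.append(f"crypto map {map_name} {seq} lists fewer than two peers")
    for p in peers:
        if p not in l2l:
            problems.append(f"no ipsec-l2l tunnel-group for peer {p}")
        if p not in keyed:
            problems.append(f"no pre-shared-key for peer {p}")
    return problems

if __name__ == "__main__":
    for name, cfg in (("missing", SAMPLE_MISSING), ("ok", SAMPLE_OK)):
        print(name, check_failover_peers(cfg) or "failover prerequisites present")
```

The ASA masks keys in its configuration output, so this check confirms only that a key is set for each peer, not that the two keys match.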