Hello,

I am working on a design trying to accomplish the following: I have two ASAs that need to terminate L2L IPsec tunnels to some remote sites, but they are in different regions of the world. The idea is that a remote site will have a tunnel to the ASA closest to the site, and a backup tunnel to the other. I believe I can accomplish this by having a crypto map on the remote router with two "set peer" commands on the same crypto map line. It looks like dead peer detection will detect if the primary link goes down and fail over to the secondary, but I don't see a way to make it recover after the primary comes back up. Is there a way to accomplish that?
I would want it to fail back over to the primary because the primary will be geographically closer and yield better response times. Is there a better way to do something like this?

--
Regards,
Joe Astorino
CCIE #24347
http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
