Joe,
some time back when I was designing and deploying a similar setup for our international IPSec VPNs, I could not find how to preempt back to the primary peer once it is back up and running. But that was ASA code 8.2(x). Something new on that front in the latest and greatest code? :-)

Cheers
A.

On 5/15/2012 2:57 AM, Joe Astorino wrote:
Hello,

I am working on a design trying to accomplish the following:  I have
two ASAs that need to terminate L2L IPSEC tunnels to some remote
sites but they are in different regions of the world.  The idea is
that a remote site will have a tunnel to the ASA closest to the site,
and a backup tunnel to the other.  I believe I can accomplish this by
having a crypto map on the remote router with two "set peer" commands
on the same crypto map line.  It looks like dead peer detection will
detect if the primary link goes down and fail over to the secondary,
but I don't see a way to make it recover after the primary comes back
up.  Is there a way to accomplish that?

I would want it to fail back over to the primary because the primary
will be geographically closer and yield better response times.

Is there a better way to do something like this?
