You could try to use the crypto map local-address command with an anycast
loopback address using HSRP SSO redundancy on the internal interface. But
the feature kinda sucks. It shouldn't be used in production in my opinion.
You may have to use EEM to shut/no shut the secondary interface if needed.
Get two ASAs and terminate the VPNs on there if you want good reliable
redundancy.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
ehtesham ali
Sent: Tuesday, November 30, 2010 1:08 PM
To: Cisco certification
Subject: ipsec ha
hi group,
we have the following scenario: r1 and r2 are multihomed to two regional
isps as shown.
[r1] s0----------------------------------->primary isp A
[ ] s1----------------------------------->backup isp B
[r2] s0/0-------------------------------> primary isp A
r1 and r2 face the internet and connect to HQ using IPSEC vpn.
requirements
1) the primary ipsec tunnel should terminate on R1 s0 interface;
on local interface failure OR when line protocol on s0 is down,
the backup tunnel should immediately come up on R1 s1 interface connected
to ispB.
2) however, when R1 itself fails, the IPSEC TUNNEL should terminate on R2 s0
interface.
does cisco have any feature that can meet my requirements as stated above?
(hsrp can only fulfill the second condition)
also, can the solution work with asa?
if yes plz provide me links
Regards
Received on Tue Nov 30 2010 - 14:13:47 ART