RE: Dual Internet with Redundancy VPN

Joe Thanks

Still not clear how would I configure L2L VPN config with private IP on ASA,
Can you share sample configuration of Edge_router and ASA

I put some config but unclear with VPN config

*****
ISP 1 : public IP = 10.10.10.10
ISP 2 : Public IP = 20.20.20.20

private IP between router and ASA = 172.16.1.0/29

-------------
router config
--------------

int fa0/0
ip nat outside
DESCRIPTION # ISP 1 #
ip add 10.10.10.10 255.255.255.252

int fa0/1
ip nat inside
ip add 172.16.1.2 255.255.255.252

int fa 0/0/1
ip nat outside
ip add 20.20.20.20 255.255.255.252
DESCRIPTION # ISP 2 #

ip nat inside source static 172.16.1.1 10.10.10.10

-----------
ASA config
-----------

int fa 0/0
nameif outside
ip address 172.16.1.1 255.255.255.252

int fa 0/1
nameif inside
ip address 192.168.2.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 172.16.1.2

***

> CC: ccielab_at_groupstudy.com
> From: marco207p_at_gmail.com
> Subject: Re: Dual Internet with Redundancy VPN
> Date: Mon, 27 Feb 2012 14:58:00 -0600
> To: vishal.rane_at_hotmail.co.in
>
> Yes, for security and PbR reasons I have done this for many customers, this
also saves some of your ip space and disallows your switches from having
public ip's on them.
>
> Regards,
> Joe Sanchez
>
> On Feb 27, 2012, at 1:47 PM, Vishal Rane <vishal.rane_at_hotmail.co.in> wrote:
>
> > Hello
> >
> > Can I have Private IP range between ASA and Internet-Edge-Router
> > Terminate ISP1 & ISP2 on the Internet-Edge-Router and
> > configure crypto config on the ASA
> >
> >
LAN-Switch...............ASA..........Internet-Edge-Router------------ISP1
> >
||
> > ...........ISP2
> >
> >
> > Thanks
> > Vishal
> >
> >
> >
> >
> >> From: vishal.rane_at_hotmail.co.in
> >> To: cjake7_at_hotmail.com; ccielab_at_groupstudy.com
> >> Subject: RE: Dual Internet with Redundancy VPN
> >> Date: Fri, 24 Feb 2012 18:58:17 +0530
> >>
> >> Hello
> >>
> >> I am looking for solution without BGP, can you ellaborate more on your
> > clever
> >> tracking on ISP router
> >>
> >> Thanks
> >> Vishal
> >>
> >>> From: cjake7_at_hotmail.com
> >>> To: vishal.rane_at_hotmail.co.in; ccielab_at_groupstudy.com
> >>> Subject: RE: Dual Internet with Redundancy VPN
> >>> Date: Thu, 23 Feb 2012 08:58:09 -0600
> >>>
> >>> You need to run BGP on location a and get network from one provider
that
> >> can
> >>> be shared thru both. That way the public on the PIX will not have to
> >> change
> >>> during a failure. I have the exact setup in my network. Of course I
also
> >> do
> >>> some clever tracking on my ISP routers as well.
> >>>> From: vishal.rane_at_hotmail.co.in
> >>>> To: ccielab_at_groupstudy.com
> >>>> Subject: Dual Internet with Redundancy VPN
> >>>> Date: Thu, 23 Feb 2012 13:29:36 +0530
> >>>>
> >>>> Hi Guyz
> >>>>
> >>>> Got a situation where Location_A got TWO ISP and Location_B got One
ISP
> >>>>
> >>>> Using ISP 1 link Location_A establishes IPSEC Tunnel with Location_B
.
> >>>>
> >>>> How do I establish redundancy from Location_A point of view, if ISP1
is
> >>> down
> >>>> then ISP2 should establish IPSEC tunnel with Location_B
> >>>>
> >>>> At Location_A both ISP links terminates on the Router and all (VPN)
> >> crypto
> >>>> configuration is on PIX 525 running version 8.0
> >>>>
> >>>> At Location_B VPN is terminated on a Router 3800 series
> >>>>
> >>>>
> >>>>
> >>>> Thanks
> >>>> Vishal
> >>>>
> >>>>
> >>>> Blogs and organic groups at http://www.ccie.net
> >>>>
> >>>>
Received on Tue Feb 28 2012 - 02:55:45 ART