IPSec failover setup for Cisco ASA
search cancel

IPSec failover setup for Cisco ASA


Article ID: 166633


Updated On:


Cloud Secure Web Gateway - Cloud SWG


You need to set up an IPSec failover tunnel for your ASA.

In this example, the primary connection is to Seattle with a failover to Chicago. 


This example is made using a Cisco ASA5505 running ASA version 8.4


Step 1: Edit the existing crypto map and add an additional peer. Here you'll add our Chicago data center (


Step 2: Create a tunnel group for the secondary peer.  You can reuse the same group policy as for the primary:


For testing purposes, you can add a static route for the Seattle data center to an IP address that is not assigned:


NOTE: For a current list of available IPSec gateways, see TECH242979