IPSec failover setup for Cisco ASA


Article ID: 166633


Products

Web Security Service - WSS

Issue/Introduction

You need to set up an IPSec failover tunnel for your ASA.

In this example, the primary connection is to Seattle with a failover to Chicago. 

Environment

This example uses a Cisco ASA5505 running ASA version 8.4.

Resolution

Step 1: Edit the existing crypto map and add an additional peer. Here you'll add the Chicago data center (199.19.252.164).

 

Step 2: Create a tunnel group for the secondary peer. You can reuse the same group policy as for the primary:

 

For testing purposes, you can add a static route for the Seattle data center to an IP address that is not assigned:
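
The two steps and the test route above, written out as ASA 8.4 CLI. This is an added example, not configuration taken from the original article. The crypto map name and sequence number, the Seattle peer address, the group policy name, the interface name, the pre-shared key authentication and the unassigned next hop are all assumptions shown as placeholders; only the Chicago address comes from the article.

```text
! Added example. Values in <ANGLE_BRACKETS> are placeholders to be replaced
! with the values from your existing primary tunnel configuration.

! Step 1: list both peers on the existing crypto map entry.
! The ASA tries the peers in the order given, so Seattle stays primary.
crypto map <CRYPTO_MAP_NAME> <SEQ_NUM> set peer <SEATTLE_PEER_IP> 199.19.252.164

! Step 2: tunnel group for the secondary (Chicago) peer,
! reusing the group policy already applied to the primary.
tunnel-group 199.19.252.164 type ipsec-l2l
tunnel-group 199.19.252.164 general-attributes
 default-group-policy <PRIMARY_GROUP_POLICY>
! Assumption: the primary tunnel authenticates with an IKEv1 pre-shared key.
! Do not paste the real key into tickets or shared notes.
tunnel-group 199.19.252.164 ipsec-attributes
 ikev1 pre-shared-key <PRE_SHARED_KEY>

! Test only: make the Seattle peer unreachable by routing its /32 to an
! unassigned next hop on the directly connected outside network
! (interface name "outside" is an assumption).
route outside <SEATTLE_PEER_IP> 255.255.255.255 <UNASSIGNED_NEXT_HOP_IP>

! Confirm the tunnel re-establishes to Chicago (privileged EXEC):
!   show crypto isakmp sa
!   show crypto ipsec sa peer 199.19.252.164

! Remove the test route once failover is confirmed:
no route outside <SEATTLE_PEER_IP> 255.255.255.255 <UNASSIGNED_NEXT_HOP_IP>
```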

 

NOTE: For a current list of available IPSec gateways, see TECH242979.
