Sunday, May 26, 2019

Cisco ASA - ECMP over different interfaces?

I don't think this is supported, but I am hoping someone could say how else I can achieve the required end result.

We have active-active VPN gateways in azure. These used to terminate on an ASR. On the ASR we would have routes as below:

IP route 1.1.1.0 255.255.255.0 tunnel1 10

IP route 1.1.1.0 255.255.255.0 tunnel2 10

Which meant we would use either tunnel to reach azure.

I'm moving these vpns to a ha ASA cluster for resiliency, but it seems that ASA doesn't like route to the same destination over different interfaces, unless I specify a different metric.

Is there a way for me to utilize both tunnel interfaces as the route to the same destination with the same metric?



No comments:

Post a Comment