We are working on an IPsec VPN LAN2LAN HA design. Our network environment has 2 HQ sites (forming an IPsec VPN between them, using 2 ASA5515x for that), and the HQ needs to communicate with a lot of remote sites (each one using 1 ASA 5505).
- Each remote site has 2 crypto map entries, 1 for each 5515x at the HQs.
- Both 5515x HQ ASAs have 1 crypto map entry for each remote site.
Under normal conditions, with both HQ sites up, everything works fine; indeed, we have an "active-active" IPsec VPN from each ASA5505 remote site to the ASA5515 HQs.
- If we lose 1 HQ site, the remote ASA 5505 is not able to use the second crypto map to reach the remaining HQ site.
I will attach the crypto map configs here. Could you please help me fix this issue?