Search This Blog

Tuesday, 11 September 2012

ASA VPN FAILOVER


crypto ipsec transform-set L2L esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map l2l 1 match address LAN_Traffic
crypto map l2l 1 set peer REMOTE_IP_FIRST _PEER REMOTE_IP_SEC_PEER 
crypto map l2l 1 set transform-set L2L
crypto map l2l interface outside   <--Points to first ISP
crypto map l2l interface outside2  <--Point to second ISP
crypto isakmp enable outside       <--Apply to first ISP
crypto isakmp enable outside2      <--Apply to second ISP
crypto isakmp policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
!
!
tunnel-group REMOTE_IP_FIRST _PEER type ipsec-l2l
tunnel-group REMOTE_IP_FIRST _PEER ipsec-attributes
 pre-shared-key mapskey
tunnel-group REMOTE_IP_SEC_PEER type ipsec-l2l
tunnel-group REMOTE_IP_SEC_PEER  ipsec-attributes
 pre-shared-key KEY

No comments:

Post a Comment