dido32

VPN ipsec for dual ISP ON ASA

3 posts in this topic

Hello,

 

I have configured an IPsec VPN on an ASA, and I use 'sla monitor track' for dual ISP.

I use two interfaces (outside for ISP1, backup for ISP2):

 

1- When the outside interface is down (I take off the cable), the VPN switches automatically.

2- But when ISP1 is down (the outside interface is up), my internet switches to the backup interface and I have internet,

but my VPN is down,

even though I have these:

When I type sh crypto isakmp sa I get

Type : L2L Role : responder

Rekey : no State : MM_ACTIVE

Encrypt : aes Hash : SHA

Auth : preshared Lifetime: 86400

Lifetime Remaining: 85981

 

It seems fine, BUT

when I type sh crypto ipsec sa I get

interface: outside (should be backup)

 

I think this result is for the ancient VPN.

 

I was trying to follow what happens when my ISP is down, so I enabled debug for isakmp and ipsec.

 

When I type debug crypto isakmp 127 I get

 

[iKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

[iKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

[iKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

[iKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

[iKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

[iKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

[iKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

[iKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0

without stopping, which means my phase 1 and phase 2 don't complete.

Of course, for debug crypto ipsec 127 nothing happens.

 

But if I take off the outside interface cable, the VPN will work.

Thank you in advance.

Edited by dido32