Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1042
Views
0
Helpful
1
Replies

Redundant Site to Site VPN over OSPF

jafrulla1986
Level 1
Level 1

‎11-09-2018 08:14 AM - edited ‎03-12-2019 07:04 AM

Dear Team,

Currently we have two Site to Site VPN Connections between HO (Cisco ASA 5515-X) and Branch office(Fortinet).

ISP 1(HO) Connected to ISP 1 (BO)

ISP 1(HO) Connected to ISP 2 (BO)

We need to achieve Redundant auto fail over of Site to Site VPN Connections and also we need to have Dynamic Routing Protocol (OSPF) over IPSEC tunnel.

Kindly provide a solution to achieve Redundant Site to Site VPN connections using Dynamic Routing Protocol.

Labels:
0 Helpful
1 Reply 1

AndreaTornaghi
Level 1
Level 1

‎11-14-2018 12:34 PM

Dear,

 

unfortunately ASA is not able to perform a GRE tunnel so it's not possible encapsulate OSPF protocol inside a IPSEC tunnel. For doing that you need to have a couple of router and configure a IPSEC over GRE tunnel.

In this case you will be able to manage OSPF protocol.

 

However with ASA you are able to manage a redundant IPSEC VPN. So you can have in one crypto map two remote peer (primary and backup).

 

In case that you are doing everything from scratch maybe take in consideration the DMVPN solution.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card