VPN connection redundancy (failover through a backup provider)

One client asked us to provide a redundant VPN tunnel between their office and the virtual data center in Cloud4Y. The connection was unstable because of one of the providers on the client side. A typical scheme is shown below:




To bring the tunnel up automatically through the backup provider, the following configuration changes are proposed:

1. On the VMware Edge side, in the VPN settings allow connections to the Edge from any address: choose "Any" in "Peer IP". For security purposes, the firewall still allows IPsec traffic only from the required addresses.



2. On the Cisco ASA side:

   Interface settings:
   interface GigabitEthernet0
    description Connected to ISP2 - Primary link
    nameif outside
    security-level 0
    ip address 2.2.2.1 255.255.255.0 
   !
   interface GigabitEthernet1
    description Connected to ISP3 - Backup link
    nameif outside2
    security-level 0
    ip address 3.3.3.1 255.255.255.0
   
  SLA monitor settings to check the availability of the primary provider's gateway. The backup provider's gateway is added as a second default route with a metric (administrative distance) of 254, so it is used only when the tracked primary route is withdrawn:
   sla monitor 10
   type echo protocol ipIcmpEcho 2.2.2.2 interface outside
   frequency 5
   sla monitor schedule 10 life forever start-time now
   !
   track 1 rtr 10 reachability
   !
   route outside 0.0.0.0 0.0.0.0 2.2.2.2 1 track 1
   route outside2 0.0.0.0 0.0.0.0 3.3.3.2 254

   Existing IPsec settings:
   crypto ikev1 enable outside
   crypto map outside_map interface outside
   crypto map outside_map 10 set connection-type bi-directional

  Additional IPsec settings (IKEv1 and the same crypto map on the backup interface):
   crypto ikev1 enable outside2
   crypto map outside_map interface outside2
   
   Existing NAT rules:
   nat (inside,outside) source static 10.2.2.0-24 10.2.2.0-24 destination static 10.1.1.0-24 10.1.1.0-24 no-proxy-arp route-lookup
   nat (inside,outside) after-auto source dynamic any interface

   Additional NAT rules (the same NAT exemption and PAT, but for the backup interface):
   nat (inside,outside2) source static 10.2.2.0-24 10.2.2.0-24 destination static 10.1.1.0-24 10.1.1.0-24 no-proxy-arp route-lookup
   nat (inside,outside2) after-auto source dynamic any interface
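As an added check (not part of the original article or any vendor tool), the following Python script parses an ASA configuration excerpt and verifies that every piece of the failover described above is present: the primary default route tied to a reachability track, the backup default route with a higher metric, IKEv1 and the crypto map bound on both outside interfaces, and the NAT exemption for the tunnel networks on both. The embedded sample is the configuration from this article; the interface and crypto map names are assumed as defaults and can be overridden.

```python
import re
# Constructed sample: the ASA commands from this article in running-config form.
SAMPLE_CONFIG = """
track 1 rtr 10 reachability
route outside 0.0.0.0 0.0.0.0 2.2.2.2 1 track 1
route outside2 0.0.0.0 0.0.0.0 3.3.3.2 254
crypto ikev1 enable outside
crypto map outside_map interface outside
crypto ikev1 enable outside2
crypto map outside_map interface outside2
nat (inside,outside) source static 10.2.2.0-24 10.2.2.0-24 destination static 10.1.1.0-24 10.1.1.0-24 no-proxy-arp route-lookup
nat (inside,outside2) source static 10.2.2.0-24 10.2.2.0-24 destination static 10.1.1.0-24 10.1.1.0-24 no-proxy-arp route-lookup
"""

def default_route(lines, ifname):
    """Return (line, metric) of the default route via ifname, or (None, None)."""
    for line in lines:
        if line.startswith(f"route {ifname} 0.0.0.0 0.0.0.0 "):
            return line, int(line.split()[5])
    return None, None

def check_vpn_failover(config, primary="outside", backup="outside2", crypto_map="outside_map"):
    """Return a list of findings; an empty list means every failover piece is present."""
    lines = [l.strip() for l in config.splitlines()]
    tracks = {m.group(1) for m in map(re.compile(r"^track (\d+) rtr \d+ reachability").match, lines) if m}
    findings = []
    # 1. The primary default route must reference an SLA-backed track object; without it the ASA never withdraws it.
    prim, prim_metric = default_route(lines, primary)
    back, back_metric = default_route(lines, backup)
    if prim is None:
        findings.append(f"no default route via {primary}")
    else:
        m = re.search(r" track (\d+)$", prim)
        if not m or m.group(1) not in tracks:
            findings.append(f"default route via {primary} is not tied to a reachability track")
    # 2. The backup default route must exist with a worse (higher) metric than the primary.
    if back is None:
        findings.append(f"no default route via {backup}")
    elif prim_metric is not None and back_metric <= prim_metric:
        findings.append(f"backup route via {backup} does not have a higher metric than the primary")
    # 3. IKEv1, the crypto map and the NAT exemption must exist on BOTH interfaces, or the tunnel cannot re-form after failover.
    for ifname in (primary, backup):
        if f"crypto ikev1 enable {ifname}" not in lines:
            findings.append(f"IKEv1 not enabled on {ifname}")
        if f"crypto map {crypto_map} interface {ifname}" not in lines:
            findings.append(f"crypto map {crypto_map} not bound to {ifname}")
        if not any(l.startswith(f"nat (inside,{ifname}) source static ") for l in lines):
            findings.append(f"no NAT exemption for tunnel traffic on {ifname}")
    return findings
```

Paste the relevant lines of "show running-config" into the string to check a real device; each finding names the interface where a piece is missing.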

