Cisco – VPN Failover Cisco ASA 5505

Tags: cisco, cisco-asa, failover, vpn

So basically we have a Cisco ASA 5505 (we have inherited this from a customer; none of us have any experience with Ciscos). Now essentially we have two WAN lines which we have set up in failover, via adding a Tracking ID to the main line. We set the Tracking ID to 1 and the SLA ID to 123; these were just random values we found on a Cisco ISP Failover guide on the Cisco site.

This works great – it removes one route dynamically from the routing table when the main line goes down and forces traffic down the other line. However, we have a site-to-site VPN at the moment which is bound to the main line. When the main line goes down the VPN doesn't fail over to the other line, as some configuration needs to be put in place I assume! This means no VPN, as it is bound to one line which is no longer active.

Firstly, we've been doing all the config through ASDM (the GUI) and would like to continue doing this if possible as the command line is a different ball game. Is it possible to do this through the GUI, and if so, what is the general setup/process, any help is much appreciated!

EDIT: I also assume some configuration would need to be put in place at the other end of the site-to-site VPN so it swaps its VPN connection to the other line at the remote office, which is now the only active line. It is a Cisco 5505 at one end, 5510 at the other.

Best Answer

Try the link below:

https://supportforums.cisco.com/community/netpro/security/vpn/blog/2011/04/25/ipsec-vpn-redundancy-failover-over-redundant-isp-links

This should cover all of what you want to do. Yes, your remote side needs to be set up similarly, in that it needs to understand what the primary and secondary IP addresses are for the tunnel. I'm not super familiar with ASDM, but you should be able to match the theory of the above article with the button presses in ASDM. Sounds like you're already 50% there with the routing failover working properly.
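The CLI equivalent of what the question and answer describe, as an added example that is not part of the original thread or of the linked Cisco article: the SLA tracking the asker already has on the 5505, plus the two pieces the VPN needs on top of it (the crypto map bound to both WAN interfaces on the 5505, and both of the 5505's public addresses listed as peers on the 5510). All addresses, interface names (`outside`, `backup`), ACL and map names are placeholders, and the syntax assumes an 8.2-era ASA image (pre-8.3 NAT, `crypto isakmp` rather than `crypto ikev1`); ASDM writes exactly these lines when you click through its IKE/IPsec and routing panels, so every entry here has a GUI field behind it.

```cisco
! === Site A: ASA 5505, two ISP links (added example; placeholder addresses) ===
! outside = primary ISP (gateway 203.0.113.1, our address 203.0.113.10)
! backup  = secondary ISP (gateway 198.51.100.1, our address 198.51.100.10)
! IP SLA probe sent only out of the primary link, same IDs as in the question.
! Probe something beyond the ISP gateway (e.g. the ISP's DNS), not the gateway
! itself, or a dead upstream with a live gateway will never trigger failover.
sla monitor 123
 type echo protocol ipIcmpEcho 203.0.113.254 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
! Primary default route is withdrawn while track 1 is down; the backup route
! (metric 254) then becomes the only default and all traffic moves over.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254

! Site-to-site VPN to Site B (192.0.2.10). The one thing the routing failover
! does not do for you: the SAME crypto map must be bound to BOTH WAN
! interfaces and ISAKMP enabled on both, otherwise the tunnel cannot be
! rebuilt once traffic is leaving via "backup".
access-list VPN_SITEB extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address VPN_SITEB
crypto map outside_map 10 set peer 192.0.2.10
crypto map outside_map 10 set transform-set ESP-AES-SHA
crypto map outside_map interface outside
crypto map outside_map interface backup
crypto isakmp enable outside
crypto isakmp enable backup
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key ********
 isakmp keepalive threshold 10 retry 2
! NAT exemption for tunnel traffic (pre-8.3 syntax) is keyed on the inside
! interface, so it holds whichever WAN interface the tunnel currently uses.
access-list NONAT extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
nat (inside) 0 access-list NONAT

! === Site B: ASA 5510, single ISP, address 192.0.2.10 ===
! Only the lines that change are shown. List Site A's primary address first
! and its backup second: the ASA tries the peers in that order.
access-list VPN_SITEA extended permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
crypto map outside_map 10 match address VPN_SITEA
crypto map outside_map 10 set peer 203.0.113.10 198.51.100.10
crypto map outside_map 10 set transform-set ESP-AES-SHA
! One tunnel-group (with its PSK) per peer address; without the second one,
! IKE from 198.51.100.10 has no matching group and fails authentication.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key ********
 isakmp keepalive threshold 10 retry 2
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 pre-shared-key ********
 isakmp keepalive threshold 10 retry 2
```

Two things worth checking after applying this. First, the `isakmp keepalive` (dead peer detection) lines on both sides are what let the 5510 notice that the SA to 203.0.113.10 is dead and accept a new one from 198.51.100.10; without DPD the stale SA lingers until its lifetime expires and the failover looks broken. Second, when the primary line comes back the tracked route returns and traffic flips back to `outside`, so the tunnel is torn down and rebuilt a second time; `show crypto isakmp sa` on the 5510 should then show the peer back on 203.0.113.10, which is the quickest confirmation that both directions of the failover work.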