cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Site2Site DR setup with ASA

Failover DR related Question. 

We have an established Site2Site VPN connectivity between ASA and checkpoint as in pic (Firewall 1 and Firewall 2)

we want to have DR tunnel Site2Site VPN (Firewall 1 and Firewall 3) 

Problem is that Site 2 and Site 3 has a layer 2 auto failover using NSX VMware technology and encryption domain is same for these tunnels. 

What is the best way to achieve this auto failover in case of Firewall 2 site is destroyed..?

layer 2 failover will only happen if firewall 2 is unresponsive.. or in case a disaster. meaning the failover of Layer 2 IP's will happen to firewall 3. Can i achieve this with same encryption domain IP's? and will ASA be smart enough or a change will be needed there as well.. Open to ideas if someone has worked in a situation like this or if there is an SK which can guide me ..? 

Thanks 

Tags (1)