I have a remote site with 2 x routers (HSRP) LAN side and different public IPs on the outside (static IPs) assigned by the carrier. The carrier will not run HSRP on the outside as these are only ADSL connections.
I understand that on the PIX you could previously set 2 x peer statements in the crypto map, e.g.:
crypto map blah match address 100
set peer 184.108.40.206
set peer 220.127.116.11
I need a way to fail over my VPN to the second peer in the event that the 1st is unreachable. Has anyone done this with an ASA? Any examples? I have heard that it is possible, but only if one end originates the connection, i.e. not bi-directional.
If this is not possible I need a workaround. I tried a while ago to run unicast OSPF down a VPN tunnel between a router and an ASA, having seen a Cisco example using 2 x ASAs; however, I could not get it working and assumed that only ASA to ASA would work.
My only thought at the moment is that I am going to have to land a GRE tunnel on a router behind the firewall, but I would welcome any other solutions.