I’m trying to figure out the best way to connect to one of my sites, where I have 2 Pix 506 firewalls with 2 different ISPs for redundancy. In the main building I have an ASA 5510, so I had built 2 VPN tunnels and connected to both PIXs. I’d like to be able to switch between these 2 tunnels in case of service disruptions. So far I’m able to connect through the 1st tunnel I had built, but when I try to switch over to the 2nd tunnel, I’m losing network connectivity (even though the tunnel is up). It seems that the ASA stops forwarding packets, as I see “Bytes Rx” but not “Bytes Tx” on the ASA side. Is it a result of having 2 tunnels terminating to the same networks? Is there a better way to achieve redundancy in such a configuration?
                        VPN Tunnel 1 ---- VPN Tunnel 1 ---- Cisco Pix1
10.x.x.x  ASA  108.x.x.x                                                Cisco 2950  192.168.x.x
                        VPN Tunnel 2 ---- VPN Tunnel 2 ---- Cisco Pix2