ASA site to site routing question 1

[rlgaooa]

I have a remote site that is normally connected to our wide area network. Their current failover solution is a ISDN BRI dialer that is not very reliable. They have a separate DSL connection to the internet. I have proposed a site to site vpn tunnel between two ASA's using their internet connection. At the remote site I can assign two default gateways to the end users, one to the wide area network and one with a higher cost to the ASA. The problem is at the main site.
I would need to add this route to the ASA 5550: "route outside 10.216.38.0 255.255.255.0 70.xxx.xxx.1 1" (this subnet is currently routed internally to my wide area network).
I will also need to change these route in my internal router: "ip route 10.216.38.0 255.255.255.0 10.216.0.1" which points to my wide area network to "ip route 10.216.38.0 255.255.255.0 10.216.85.x" which points to the ASA. Is there any way to automate this process. The route outside command in the ASA does not allow you to associate a cost with the route.

 

[unclerico]

Take a look at IP SLA's:

http://www.cisco.com/en/US/products...s_configuration_example09186a00806e880b.shtml

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[rlgaooa]

Thanks! I think I can adapt this to the particular network situation I have. As a work around for some static routes in my wide area network is it possible to nat through a site to site vpn tunnel? For example can I nat 10.216.38.0 (the remote network) to appear as 10.216.77.0 in the local end of the vpn tunnel?

 

[unclerico]

Policy NAT should work fine for this. The doc below mentions overlapping networks, but there should be no reason that it can't work for what you want:

http://www.cisco.com/en/US/products...s_configuration_example09186a00808c9950.shtml

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)