Has anyone worked up a guide to configuring VPN failover from WAN 1 to WAN 2 where the other end is an ASA? On the MX the configuration should be trivial, but on the ASA side it might be a bit more involved. Haven't found anything here or in the Cisco Community on the topic that goes into specifics. Also, does the MX support stateful failover for VPN traffic going to third party endpoints? For example, would TCP sessions and NAT translations be capable of being immediately reassigned to the VPN tunnel on WAN 2, without the need for the endpoints to restart whatever sessions they're running?
... View more
We've got a private circuit coming into a location and I'd like to know if anyone has experience routing traffic with an MX in such a situation. Does it work like a router works? It would be static routes. Currently it is served by a Cisco 2911. Replacing the 2911 with a pair of MX85's. Sample topology Internet --- metro e rtr 10.1.1.1 --- 10.1.1.2 MX85 10.3.1.1 --- LAN This would be a temporary situation as we're converting to DIA fiber soon. Twist: There is a backup LTE connection that would go into one of the MX85's. We'd do an IPSec third party VPN tunnel over this connection. I see no reason why that couldn't serve as backup, but maybe there are some limitations to the MX I'm not considering here.
... View more