Router to router and pix redundant IPSEC VPN

Discussion in 'Cisco' started by rsurfer@gmail.com, Feb 5, 2006.

  1. Guest

    I have a home_office with multi-link internet circuits (2). I have a
    remote_office with one internal router and two PIX firewalls, with a DSL
    router in front of one and another broadband router in front of the
    other. I currently have an IPSEC tunnel working from the home_office
    to the DSL router and through the PIX inside; it works fine. I now have a
    redundant connection at the remote_office, a broadband router in front
    of an additional PIX. The PIX has a routable subnet sent to it and is
    able to be homed to its outside interface. I want to set this up for
    redundancy. I have read that it's possible to have a VPN IPSEC tunnel
    to two peers for redundancy. How?

    The home_office has two peers to choose from, (DSL router) or (PIX
    behind broadband), both with the same matching ACL and transform-set and
    isakmp policy. Are the two peers set in the same crypto map instance?
    Are they in the same map but different instances? I can't seem to get
    it to work. Anyone got an example? Thanks!
    , Feb 5, 2006
    #1

  2. Guest

    Follow up...
    I got this to work with two peers set in the first crypto map instance,
    and then the last crypto map instance had a duplicate of the redundant
    peer, i.e.

    crypto map my_vpn 10 ipsec-isakmp
     set peer 1.1.1.2
     set peer 10.10.10.2
     set transform-set my-vpn-ts
     match address 101
    crypto map my_vpn 15 ipsec-isakmp
     set peer 172.16.200.1
     set transform-set my-vpn-ts2
     match address 102
    crypto map my_vpn 20 ipsec-isakmp
     set peer 10.10.10.2
     set transform-set my-vpn-ts
     match address 101

    Seems somewhat strange to me, but it did work. Any thoughts?
    , Feb 6, 2006
    #2
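
An added example, not part of the original posts: a small Python audit of the crypto map posted in #2, listing which entries carry a failover peer list and which reuse an ACL already claimed by a lower sequence number. It assumes IOS evaluates crypto map entries in ascending sequence order and uses the first entry whose `match address` ACL matches; the function names `parse_crypto_maps` and `audit` are hypothetical.

```python
import re

# Constructed sample: the crypto map from post #2, with the abbreviations as posted.
# The patterns below accept both full and abbreviated keywords ("cry map", "match add").
SAMPLE = """\
cry map my_vpn 10 ipsec-isakmp
set peer 1.1.1.2
set peer 10.10.10.2
set transform-set my-vpn-ts
match add 101
cry map my_vpn 15 ipsec-isakmp
set peer 172.16.200.1
set transform-set my-vpn-ts2
match add 102
cry map my_vpn 20 ipsec-isakmp
set peer 10.10.10.2
set transform-set my-vpn-ts
match add 101
"""

HEADER = re.compile(r"^cry\S*\s+map\s+(\S+)\s+(\d+)\s+ipsec-isakmp", re.I)
PEER = re.compile(r"^set\s+peer\s+(\S+)", re.I)
ACL = re.compile(r"^match\s+add\S*\s+(\S+)", re.I)

def parse_crypto_maps(text):
    """Return {map_name: {seq: {"peers": [...], "acl": str or None}}}."""
    maps, entry = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            entry = maps.setdefault(m.group(1), {}).setdefault(
                int(m.group(2)), {"peers": [], "acl": None})
        elif entry is not None and (m := PEER.match(line)):
            entry["peers"].append(m.group(1))
        elif entry is not None and (m := ACL.match(line)):
            entry["acl"] = m.group(1)
    return maps

def audit(text):
    """List multi-peer (failover) entries and entries shadowed by a lower sequence."""
    findings = []
    for name, entries in parse_crypto_maps(text).items():
        owner = {}  # ACL -> lowest sequence number that matches on it
        for seq in sorted(entries):
            peers, acl = entries[seq]["peers"], entries[seq]["acl"]
            if len(peers) > 1:
                findings.append((name, seq, "failover", tuple(peers)))
            if acl is not None and owner.setdefault(acl, seq) != seq:
                findings.append((name, seq, "shadowed-by", owner[acl]))
    return findings
```

Run over the posted map, `audit(SAMPLE)` reports sequence 10 as the entry holding the two-peer failover list and sequence 20 as reusing ACL 101 behind it.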