03-12-2007 10:40 AM - edited 02-21-2020 01:26 AM
We had a firewall failure over the weekend which crippled a remote site. We have a VPN concentrator at another main site and we were wondering if we could use this for a "backup" tunnel for the remote site (the primary line is a tunnel to a separate main site - a router-to-router VPN). Can you have multiple cryptomaps on 1 interface (at the remote)? How could you force traffic down the primary and only use the secondary tunnel for backup (the primary tunnel is GRE with static routes, the VPN concentrator does participate in our OSPF network)? Thanks in advance.
03-12-2007 05:30 PM
Hi,
My understanding is that the remote site had a regular IPSEC VPN with the firewall at the main site which went down. If this is true then you can go ahead and configure the LAN-LAN tunnel on the concentrator using the same policies and add another peer (concentrator's IP) in the same crypto map on the remote end device.
Please do this only if my understanding is correct else let me know.
HTH,
Please rate if it helps,
Regards,
Kamal
03-14-2007 06:25 AM
Kamal,
Yes, your understanding is correct. Thank you very much for the insight.
Lee
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide