site to site VPN

Unanswered Question

Hi, Everyone:

I have setup a vpn with a customer, they have a single site and we have 2 sites.

so vpn is setup as following

customer site to our site 1

customer site to our site 2

their source address will reach our one destiantion address.

crypto access-list source and destination are same from our both sites

is that possible we could setup active-active VPN for both sites?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Sun, 04/01/2007 - 15:23

Mike

Without knowing a few more details it is difficult to give precise answers. In general it should be possible to set up VPN from the customer site to both of your sites that would be up and active to both at the same time (I think that is what you are describing as the desired outcome - if not please clarify).

I am not clear what you mean when you say: "their source address will reach our one destiantion address". If there is some reason why their address can not reach your second site address then it will not be possible to have an active VPN to that site. But why would they have access to one site and not to the other site?.

Also as far as this statement: "crypto access-list source and destination are same from our both sites " you would need different crypto access lists at each of your sites if each site was to have its own VPN to the customer.

HTH

Rick

Hi, Rick:

Thanks for your quick reply, what I means as following:

they from 10.100.0.0/24 and they want to access one ip addresses, 10.240.240.240, we have backbone circuits, we could route between two data centers, in case of the VPN device failed in one of our data center, traffic could still reach the destination via the other VPN device.

how you could have different crypto access-list?

thx

Actions

This Discussion