04-01-2007 11:21 AM - edited 02-21-2020 02:57 PM
Hi, Everyone:
I have setup a vpn with a customer, they have a single site and we have 2 sites.
so vpn is setup as following
customer site to our site 1
customer site to our site 2
their source address will reach our one destiantion address.
crypto access-list source and destination are same from our both sites
is that possible we could setup active-active VPN for both sites?
04-01-2007 03:23 PM
Mike
Without knowing a few more details it is difficult to give precise answers. In general it should be possible to set up VPN from the customer site to both of your sites that would be up and active to both at the same time (I think that is what you are describing as the desired outcome - if not please clarify).
I am not clear what you mean when you say: "their source address will reach our one destiantion address". If there is some reason why their address can not reach your second site address then it will not be possible to have an active VPN to that site. But why would they have access to one site and not to the other site?.
Also as far as this statement: "crypto access-list source and destination are same from our both sites " you would need different crypto access lists at each of your sites if each site was to have its own VPN to the customer.
HTH
Rick
04-02-2007 09:00 AM
Hi, Rick:
Thanks for your quick reply, what I means as following:
they from 10.100.0.0/24 and they want to access one ip addresses, 10.240.240.240, we have backbone circuits, we could route between two data centers, in case of the VPN device failed in one of our data center, traffic could still reach the destination via the other VPN device.
how you could have different crypto access-list?
thx
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: