I have inherited 90 sites with PIX 501 6.4(4) which connect to a central data centre site with preshare key and ip.
We are looking to implement another site and provide a failover VPN service.
In the event of a disaster we would want the 501 to start using the new sites VPN concentrator.
I have had a look at the config guide and it does not look like we could use DNS for the peering.
Is there some I could get the 501 to use the second VPN Service if the main datacentre is taken out.
This will work. It will use the second peer if first is unavailable. I think this is mentioned in the config guide somewhere but I'll have to look for it. Please rate if it helps.
crypto map newmap 10 set peer 220.127.116.11
crypto map newmap 10 set peer 18.104.22.168
isakmp key ******** address 22.214.171.124 netmask 255.255.255.255
isakmp key ******** address 126.96.36.199 netmask 255.255.255.255