08-28-2007 01:45 PM - edited 03-11-2019 04:03 AM
Is it possible to establish two IPSEC VPN tunnels to a single remote peer?
I currently have two ISP connections and I wanted to make two tunnels for failover, but I'm not sure if there is an issue with the tunnel groups, since I would end up having only one tunnel group for both tunnels.
08-29-2007 05:16 AM
How is your internet redundancy configured? Are you using PIX, ASA, IOS or what?
08-29-2007 06:30 AM
I'm currently using an ASA that is configured with a static route tracking feature.
08-29-2007 06:35 AM
08-29-2007 07:40 AM
If you have PIX/ASA/VPNC on both ends you can use the backup Lan-to-Lan feature.
The end that will connect to multiple ip-addresses should be configured as originate-only with the set connection-type command, and use the crypto map set peer command to order the priority of the peers.
The other end should be configured with the answer-only keyword.
The originate-only end attempts to negotiate with the first peer in the list. If that peer does not respond, the ASA works its way down the list until either a peer responds or there are no more peers in the list.
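The backup LAN-to-LAN arrangement described in the reply above, sketched as ASA configuration. This is an added example, not part of the original thread. It assumes ASAs on both ends running 7.x-style syntax; the names (VPN-MAP, L2L-ACL, ESP-AES-SHA, the interface names outside and backup), the documentation-range addresses, the inside subnets and the key are all placeholders, and NAT exemption and routing are left out.

```cisco
! --- Single-homed end: originates, lists both addresses of the dual-ISP end ---
access-list L2L-ACL extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
crypto isakmp enable outside
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map VPN-MAP 10 match address L2L-ACL
crypto map VPN-MAP 10 set transform-set ESP-AES-SHA
crypto map VPN-MAP 10 set connection-type originate-only
! Peers are tried in the order listed: primary ISP address, then backup
crypto map VPN-MAP 10 set peer 198.51.100.1 203.0.113.1
crypto map VPN-MAP interface outside
! One tunnel group per address the far end can answer from
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <PSK-PLACEHOLDER>
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key <PSK-PLACEHOLDER>

! --- Dual-ISP end: answers on whichever interface the peer reaches ---
access-list L2L-ACL extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 5
crypto isakmp enable outside
crypto isakmp enable backup
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map VPN-MAP 10 match address L2L-ACL
crypto map VPN-MAP 10 set transform-set ESP-AES-SHA
crypto map VPN-MAP 10 set connection-type answer-only
crypto map VPN-MAP 10 set peer 192.0.2.1
! The same map is bound to both ISP-facing interfaces
crypto map VPN-MAP interface outside
crypto map VPN-MAP interface backup
! A single tunnel group, keyed on the one remote peer address
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 pre-shared-key <PSK-PLACEHOLDER>
```

On the dual-ISP end the LAN-to-LAN tunnel group is named after the remote peer's address, so one tunnel group serves the tunnel regardless of which local interface it terminates on.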
08-29-2007 09:02 AM
I have a Cisco ASA on my end, but on the remote end is a Multitech firewall.
How do I go about this?
08-29-2007 09:43 AM
In that case I am not sure. But if the other end permits multiple peer statements you can try to just configure your end as answer-only, or do nothing and see what happens. It mostly depends on how the Multitech handles redundancy; the ASA side only has one address to connect to.
A router on each side would provide much better redundancy by running DMVPN.