08-28-2007 01:45 PM - edited 03-11-2019 04:03 AM
Is it possible to establish two IPSEC VPN tunnels to a single remote peer?
I currently have two ISP connections and I wanted to make two tunnels for failover, but I'm not sure if there is an issue with the tunnel groups, since I would end up having only one tunnel group for both tunnels.
08-29-2007 05:16 AM
How is your internet redundancy configured? Are you using PIX, ASA, IOS or what?
08-29-2007 06:30 AM
I'm currently using an ASA that is configured with a static route tracking feature.
08-29-2007 06:35 AM
08-29-2007 07:40 AM
If you have PIX/ASA/VPNC on both ends you can use the backup Lan-to-Lan feature.
The end that will connect to multiple ip-addresses should be configured as originate-only with the set connection-type command, and use the crypto map set peer command to order the priority of the peers.
The other end should be configured with the answer-only keyword.
The originate-only end attempts to negotiate with the first peer in the list. If that peer does not respond, the ASA works its way down the list until either a peer responds or there are no more peers in the list.
08-29-2007 09:02 AM
I have a Cisco ASA on my end, but on the remote end is a Multitech firewall.
How do I go about this?
08-29-2007 09:43 AM
In that case I am not sure. But if the other end permits multiple peer statements you can try to just configure your end as answer-only, or do nothing and see what happens. It mostly depends on how the Multitech handles redundancy; the ASA side only has one address to connect to.
A router on each side would provide much better redundancy by running DMVPN.