does anyone know if its possible to have two routers at a remote branch (one primary, the other backup with HSRP) connecting back via IPsec VPN's to a Head office PIX 515E with ver6.3.5.
When I lab the scenario, the pix seems to get confused in fail-over scenarios and I need to clear the vpns (clear crypto sa) on the routers to make the vpns come back up. thoughts?
the pix has the two routers as peers under the one crypto map:
access-list vpn400 permit ip 172.21.0.0 255.255.0.0 10.86.200.0 255.255.255.0
crypto ipsec transform-set avalanche esp-des esp-md5-hmac
crypto map forsberg 21 ipsec-isakmp
crypto map forsberg 21 match address vpn400
crypto map forsberg 21 set peer 126.96.36.199
crypto map forsberg 21 set peer 188.8.131.52
crypto map forsberg 21 set transform-set avalanche
crypto map forsberg 21 set security-association lifetime seconds 3600 kilobytes 4608000
crypto map forsberg interface outside
sakmp enable outside
isakmp key ******** address 184.108.40.206 netmask 255.255.255.255
isakmp key ******** address 220.127.116.11 netmask 255.255.255.255