failback L2L tunnel from failover

peter.williams
Level 1

I have a router with 2 ISPs with 2 L2L tunnels. If the primary goes down, it fails over to the backup VPN tunnel just fine; however, when the primary comes back up, it tries to create a VPN tunnel, but the VPN tunnel on the secondary is working and connected, so it does not work. The problem is that because the primary came back up, it stops routing through the secondary VPN tunnel, and then everything is down until I go in and submit clear crypto sa. Is there an automated way of either failing back to the primary or not letting the primary tunnel come up if the primary interface comes up? Any suggestion would be helpful, or if anybody is doing this, please give me some suggestions on how to fix this.

Thank you

1 Reply

amritpatek
Level 6

You need to configure DPD between the routers. On IOS, the command is 'crypto isakmp keepalive' and on ASA it's 'isakmp keepalive'. DPD is enabled by default on ASA for Remote Access and L2L tunnels.
