L2L VPN PIX ISP failover

Unanswered Question

I have an L2L VPN with a PIX at our main site and an 1811 at a remote site. Our PIX is configured for ISP failover using tracking.


Currently the VPN tunnel is only configured between the PIX and the 1811 using the primary ISP on the PIX, not the backup ISP.


What I need to happen is that when the PIX fails over to the backup ISP, a tunnel is established to the 1811. All VPN traffic should use the primary connection on the PIX until the backup connection is in use.


Can someone point me in the right direction? Thanks



I've done this by configuring the IOS router by just configuring a 2nd peer. You'll have to configure a second crypto key if you use specific addresses in your crypto key command line. You'll also need to adjust routes/ACLs as necessary. If you configure your first peer with your primary ISP IP and bring up the tunnel, then it will use that. Then configure your second peer. Only on failure will the second peer be used.


Now with this simple config, if your primary ISP comes back up, you may have to manually force your 1811 to use the primary ISP path.
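
The two-peer setup described in the reply above, sketched for the 1811 side as an added example that is not part of the original post. All addresses, names, the WAN interface and the key placeholders are constructed; the ISAKMP and IPsec parameters are assumptions and must match what the PIX already uses, and the PIX is assumed to have ISAKMP and the crypto map enabled on its backup interface as well.

```cisco
! Added example for the 1811 (IOS) side; every value below is a constructed placeholder.
! 203.0.113.10  = PIX outside address on the primary ISP (assumed)
! 198.51.100.10 = PIX outside address on the backup ISP (assumed)
!
! Phase 1 policy: assumed values, must match the existing PIX policy
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
!
! One pre-shared key entry per peer address, because the keys are
! bound to specific addresses rather than a wildcard
crypto isakmp key <PSK-PLACEHOLDER-1> address 203.0.113.10
crypto isakmp key <PSK-PLACEHOLDER-2> address 198.51.100.10
!
! Dead peer detection so the router notices that the primary peer is gone
crypto isakmp keepalive 10 3
!
! Phase 2 transform set: assumed values, must match the PIX
crypto ipsec transform-set L2L-TS esp-aes 256 esp-sha-hmac
!
! Interesting traffic: remote-site LAN to main-site LAN (constructed subnets)
ip access-list extended L2L-TRAFFIC
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
!
crypto map L2L-MAP 10 ipsec-isakmp
 ! Primary peer listed first; the second peer is used only on failure
 set peer 203.0.113.10
 set peer 198.51.100.10
 set transform-set L2L-TS
 match address L2L-TRAFFIC
!
! WAN interface name is an assumption for this sketch
interface FastEthernet0
 crypto map L2L-MAP
```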
