Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
303
Views
0
Helpful
1
Replies

l2l vpn pix ISP failover

xjoshx
Level 1
Level 1

‎02-01-2008 06:29 AM - edited ‎02-21-2020 03:31 PM

I have a l2l vpn with a pix at our main site and a 1811 at a remote site. Our pix is configured for isp failover using tracking.

Currently the vpn tunnel is only configured between the pix and the 1811 using the primary isp on the pix not the backup isp.

What I need to happen is when the pix fails over to the backup isp a tunnel is established to the 1811. All vpn traffic should use the primary connection on the pix until the backup connection is in use.

Can someone point me in the right direction? Thanks

Labels:
0 Helpful
1 Reply 1

djones
Level 1
Level 1

‎02-01-2008 12:10 PM

I've done this by configuring the IOS router by just configuring a 2nd peer. You'll have to configure a second crypto key if you use specific addresses in your crypto key command line. You'll also need to adjust routes/acls as necessary. If you configure your first peer with your primary isp ip and bring up the tunnel, then it will use that. Then configure your second peer. Only on failure will the second peer be used.

Now with this simple config, if your primary isp comes back up, you may have to manually force your 1811 to use the primary isp path.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents