Redundant Tunnels

Unanswered Question

I would like, if possible, to configure this scenario.

I have remote sites with PIX 506s connecting to a Cisco 2801 router with VPN AIM. This is working correctly. Now I also have a second 2801 for redundancy purposes. If I set the PIX up with a second peer address of the 2801 #2, ISAKMP phase 1 completes successfully and I get 2 tunnels formed on the PIX. However, a proper IPsec SA does not get generated for the second connection.

What I would like is to essentially load balance the traffic across the 2 VPN routers from the PIX. I can accomplish this without a problem from the router side using equal-cost routing, but on the PIX only one of them is allowed to be active at a time from an IPsec SA standpoint.

Is there something I am missing, or is it not possible?

Overall Rating: 2 (1 ratings)
ivillegas Tue, 03/11/2008 - 14:47

I think this is possible as PIX can also exchange routes with dynamic protocols like OSPF.

