PIX 506E configuration question

Unanswered Question
Mar 6th, 2008


I have a pix connected to 2 remote sites (1 & 2 vpn 3000 concentrator on both end sites) I would like to configure the PIX having a principal server (site 1)and a secondary server (site 2)in case principal tunnel fails the second become active

If posible to have this kind of config on a PIX 506E?

Thanks a lot

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Thu, 03/06/2008 - 19:58


Yes you can have 2 entries under your crypto map statement ie.

crypto map vpnset 1 ispec-isakmp

crypto map vpnset 1 set peer "site 1 vpn3000 ip address"

crypto map vpnset 1 set peer "site 2 vpn3000 ip address"


The pix will use the 2nd site vpn 3000 if it doesn't get a response from site 1 vpn 3000.




This Discussion