Secondary IPSEC L2L Tunnel with IOS Routers...

Unanswered Question
Mar 19th, 2008

How do you configure a secondary IPSEC L2L tunnel without using GRE tunnels on Cisco routers? Is this even possible with the use of crypto ACLs? Example specifics below:


Three routers (All Cisco); a Primary VPN Head-end, a secondary VPN Head-end, and a VPN remote. The remote has two tunnels built to each head-end router. It uses the primary tunnel to reach the range but will use the secondary to reach this same range in the event the Primary Head-End fails.

Jon Marshall Wed, 03/19/2008 - 11:11


If I understand correctly, you want the remote VPN to have a primary and secondary tunnel to the range?

If so then you can configure more than one peer address under the crypto map entry in the remote site, i.e.

crypto map vpntraffic set peer

crypto map vpntraffic set peer

The remote device will try the primary entry first and if there is no response it will then move onto the secondary.
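
A fuller remote-site configuration built around the two `set peer` lines in the reply above, added here as an illustration and not part of the original post. All addresses (documentation ranges), the `TS` transform-set name, ACL 101, the interface, the key placeholders and the keepalive timers are assumptions; only the crypto map name `vpntraffic` comes from the thread.

```cisco
! Constructed example for the REMOTE router. Addresses are placeholders:
!   192.0.2.1     = primary head-end   (assumed)
!   198.51.100.1  = secondary head-end (assumed)
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
!
! A pre-shared key is needed for each head-end the remote may negotiate with.
crypto isakmp key <KEY-FOR-PRIMARY> address 192.0.2.1
crypto isakmp key <KEY-FOR-SECONDARY> address 198.51.100.1
!
! Dead peer detection: send keepalives every 10 s, retry every 3 s.
! Without this the remote keeps stale SAs to a failed head-end until
! they expire, and does not move on to the second peer promptly.
crypto isakmp keepalive 10 3
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
! Crypto ACL: a single definition of interesting traffic, shared by both
! peers. Local LAN 10.10.10.0/24 and the protected range 10.20.0.0/16
! are assumed values.
access-list 101 permit ip 10.10.10.0 0.0.0.255 10.20.0.0 0.0.255.255
!
! One crypto map entry, two peers. Peers are tried in the order listed:
! the first is the primary, the second is used when the first does not respond.
crypto map vpntraffic 10 ipsec-isakmp
 set peer 192.0.2.1
 set peer 198.51.100.1
 set transform-set TS
 match address 101
!
interface GigabitEthernet0/0
 crypto map vpntraffic
```

Each head-end needs a mirror-image crypto ACL and the matching key. `show crypto isakmp sa` and `show crypto session` on the remote show which peer currently holds the tunnel.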



