Secondary IPSEC L2L Tunnel with IOS Routers...

Unanswered Question
Mar 19th, 2008
User Badges:

How do you configure a secondary IPSEC L2L tunnel without using GRE tunnels on Cisco routers? Is this even possible with the use of crypto ACL's? Example specifics below:


Three routers (All Cisco); a Primary VPN Head-end, a secondary VPN Head-end, and a VPN remote. The remote has two tunnels built to each head-end router. It uses the primary tunnel to reach the range but will use the secondary to reach this same range in the event the Primary Head-End fails.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Wed, 03/19/2008 - 11:11
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


If i understand correctly you want the remote VPN to have a primary and secondary tunnel to the range ?

If so then you can configure more than one peer address under the crypto map entry in the remote site ie.

crypto map vpntraffic set peer

crypto map vpntraffic set peer

The remote device will try the primary entry first and if there is no response it will then move onto the secondary.




This Discussion