Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
264
Views
0
Helpful
1
Replies

Secondary IPSEC L2L Tunnel with IOS Routers...

lrm001c474
Level 1
Level 1

‎03-19-2008 10:08 AM - edited ‎02-21-2020 03:37 PM

How do you configure a secondary IPSEC L2L tunnel without using GRE tunnels on Cisco routers? Is this even possible with the use of crypto ACL's? Example specifics below:

Example:

Three routers (All Cisco); a Primary VPN Head-end, a secondary VPN Head-end, and a VPN remote. The remote has two tunnels built to each head-end router. It uses the primary tunnel to reach the 10.0.0.0/8 range but will use the secondary to reach this same range in the event the Primary Head-End fails.

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎03-19-2008 11:11 AM

Hi

If i understand correctly you want the remote VPN to have a primary and secondary tunnel to the 10.0.0.0/8 range ?

If so then you can configure more than one peer address under the crypto map entry in the remote site ie.

crypto map vpntraffic set peer

crypto map vpntraffic set peer

The remote device will try the primary entry first and if there is no response it will then move onto the secondary.

HTH

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents