04-17-2008 08:07 PM - edited 02-21-2020 03:40 PM
Need help to verify my design. I have 1 router1841 and pix515.2 isp link connect to router1841 and 1 isp link connect to pix515.My intention is to do redundancy ipsec vpn. will this design achivable? Thanks.
04-23-2008 11:58 AM
Yes its possible but ensure you configured the right settings before you proceed. For more about the design use this.
http://cisco.com/web/psa/products/tsd_products_support_design.html
03-01-2011 02:50 PM
You will want to employ some of the HA configuration found in the doc below to automate the failover process between the two ISP connections. If configuring a static crypto map, you can configure one or more peer IPs for failover. In this scenario, you will want to make sure that ISAKMP keepalives are correctly configured on both the 1841 and PIX so that the stale SAs can be timed out more quickly.
crypto map CMAP 10 ipsec-isakmp
set peer 10.0.0.1 default
set peer 10.1.1.1
set transform-set TSET
match address INTERESTING
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide