Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
513
Views
0
Helpful
2
Replies

IPSEC VPN Failover

chiangfong
Level 1
Level 1

‎04-17-2008 08:07 PM - edited ‎02-21-2020 03:40 PM

Need help to verify my design. I have 1 router1841 and pix515.2 isp link connect to router1841 and 1 isp link connect to pix515.My intention is to do redundancy ipsec vpn. will this design achivable? Thanks.

Labels:
0 Helpful
2 Replies 2

mchin345
Level 6
Level 6

‎04-23-2008 11:58 AM

Yes its possible but ensure you configured the right settings before you proceed. For more about the design use this.

http://cisco.com/web/psa/products/tsd_products_support_design.html

0 Helpful

Todd Pula
Level 7
Level 7

‎03-01-2011 02:50 PM

You will want to employ some of the HA configuration found in the doc below to automate the failover process between the two ISP connections.  If configuring a static crypto map, you can configure one or more peer IPs for failover.  In this scenario, you will want to make sure that ISAKMP keepalives are correctly configured on both the 1841 and PIX so that the stale SAs can be timed out more quickly.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a00809454c7.shtml


crypto map CMAP 10 ipsec-isakmp
set peer 10.0.0.1 default
set peer 10.1.1.1
set transform-set TSET
match address INTERESTING

0 Helpful
Customers Also Viewed These Support Documents