Failover VPN Tunnel

Answered Question
Sep 11th, 2008

Hi, Friends

I have a PIX 515 at Hyderabad and another at Delhi; both are in a VPN tunnel. I would like to have one more VPN tunnel configured with a different ISP provider at both locations, along with the current tunnel. This should act as a failover to the first tunnel. Is this possible?

Thx

Correct Answer
francisco_1 Thu, 09/11/2008 - 01:07

On the PIX 515 you can use static route tracking to achieve this redundancy.

See this http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml.

Beware that this design is a single point of failure. I would have two separate firewalls.

Once you set up the multiple Internet connections on the PIXs, you then create the second tunnel. You might have to do NAT on the second tunnel to prevent any conflict between your local/remote subnets in your IPsec interesting traffic.
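
The dual-ISP design this answer describes, sketched for the Hyderabad PIX as an added example (not from the original post or the linked Cisco document). It assumes a PIX software release that supports the `sla monitor` and `track` commands; every interface name, address, ACL and map name and key below is a constructed placeholder.

```cisco
! Added example, Hyderabad PIX. All names, addresses and keys are constructed.
! outside = ISP1 (gateway 192.0.2.1), backup = ISP2 (gateway 198.51.100.1)
! Delhi peer addresses: 203.0.113.2 (its ISP1), 203.0.113.130 (its ISP2)
!
! Probe through ISP1 only. Probing the ISP gateway detects a dead link but not
! an upstream outage; a stable host beyond the gateway is a stronger target.
sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
!
! The primary default route is withdrawn while track 1 is down; the
! floating route (metric 254) through ISP2 then carries the traffic.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
!
! Interesting traffic: Hyderabad LAN to Delhi LAN (NAT exemption not shown)
access-list VPN-DELHI extended permit ip 10.10.0.0 255.255.255.0 10.20.0.0 255.255.255.0
!
crypto ipsec transform-set ESP-AES-SHA esp-aes-256 esp-sha-hmac
crypto map VPNMAP 10 match address VPN-DELHI
! Peers are tried in the order listed: Delhi ISP1 first, then Delhi ISP2
crypto map VPNMAP 10 set peer 203.0.113.2 203.0.113.130
crypto map VPNMAP 10 set transform-set ESP-AES-SHA
crypto map VPNMAP interface outside
crypto map VPNMAP interface backup
crypto isakmp enable outside
crypto isakmp enable backup
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
!
! One tunnel-group per peer address, each with its own key, so that a
! key exposed on one path can be rotated without touching the other.
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY-ISP1>
tunnel-group 203.0.113.130 type ipsec-l2l
tunnel-group 203.0.113.130 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY-ISP2>
```

The Delhi PIX needs the mirror-image configuration, including a tunnel-group for Hyderabad's ISP2 address, or the backup path cannot negotiate after a failover.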
