Both Head Office and Branch Office have Cisco IOS routers running GRE over IPSec VPN's on their primary links. The IPSec VPN is certificate based. For backup link (ISDN), it has been decided to go for IPSec VPN's again with pre-shared keys.
Both the primary and backup ISDN links terminate on the same router in Head Office as well as Branch office.
The Head office is 3800 series router and Branch office end is 2800 series router.
The problem is in the ISAKMP policies.
If i have one ISAKMP policy on the router for Certificate Based vpn and the other for Pre shared keys, how do i define that the primary interface always initiates a Certificate VPN and the secondary ISDN interface always initiates a pre-shared key VPN?
In other words, is it possible to define which isakmp policy takes effect on a per interface basis?
Please note that both primary and backup links terminate on the same router. If it was a different router, i know that it would have been easily achieved.
Please find enclosed the config of the BO router for your reference.
Looking forward for some help on this.
Thanks a lot