Router based S2S VPN

Unanswered Question
Mar 30th, 2009

Hi All,

Please let me know how we can configure S2S to two different VPN peers from the same router when the source and destination encryption domain is also the same. The only difference is the peer IPs.

This is actually for DR.

Thanks in Advance.

Regards,

Suresh Kumar

Ivan Martinon Tue, 03/31/2009 - 10:52

You can't configure this. If you define the same source and destination for both tunnels, the router will always use the crypto that matches first on the VPN parsing, meaning the crypto map with the lower sequence number.

Sureshdank Tue, 03/31/2009 - 21:53

Hi Martino,

Thanks for the info. But is there any other way to do this? The main aim is that if the S2S tunnel goes down, the traffic should flow through the alternate one, which is to a different peer IP.

Regards,

Suresh Kumar

Ivan Martinon Wed, 04/01/2009 - 07:47

In your situation, you can use a GRE/IPsec tunnel on both tunnels and let dynamic routing handle the failover situation. Having 2 different peers, both having the same network behind them, you can easily define a GRE/IPsec tunnel to redistribute the same network via OSPF or EIGRP or any routing protocol you need, and make the failover condition happen by setting a preferred path.

Sureshdank Wed, 04/08/2009 - 23:39

When we configure multiple peer IPs, if the first peer is not reachable then it will take the second peer IP and establish the S2S VPN.

Is there any way we can configure auto rollback to the first peer IP?
