Router based S2S VPN

Sureshdank
Level 1

Hi All,

Please let me know how we can configure S2S to two different VPN peers from the same router when the source and destination encryption domain is also the same. The only difference is the peer IPs.

This is actually for DR.

Thanks in advance.

Regards,

Suresh Kumar

8 Replies

Ivan Martinon
Level 7

You can't configure this. If you define the same source and destination for both tunnels, the router will always use the crypto that matches first on the VPN parsing, meaning the crypto map with the lower sequence number.

Hi Martinon,

Thanks for the info. But is there any other way to do this? The main aim is that if the S2S tunnel goes down, the traffic should flow through the alternate one, which is to a different peer IP.

Regards,

Suresh Kumar

In your situation, you can use a GRE/IPsec tunnel on both tunnels and let dynamic routing handle the failover situation. Having 2 different peers, both with the same network behind them, you can easily define a GRE/IPsec tunnel to redistribute the same network via OSPF, EIGRP or any routing protocol you need, and make the failover condition happen by setting a preferred path.

Do you have any sample configuration for the above solution?

Suresh

An alternative to Ivan's approach is that you can specify multiple peers in the same crypto map entry so if the first peer goes down the second will be used. Basically the first peer to respond will be used -

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s2.html#wp1046908

Jon

This however causes a bit of downtime, unlike GRE :)

When we configure multiple peer IPs, if the first peer is not reachable then it will take the second peer IP and establish the S2S VPN.

Is there any way we can configure auto rollback to the first peer IP?
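
The multiple-peer crypto map entry Jon describes, together with the IOS preferred-peer option that bears on the fall-back question above, shown as an added example that is not configuration from any poster in this thread. All addresses (documentation ranges), names and keys are constructed placeholders, and it assumes an IOS release that supports these algorithms and the `default` keyword on `set peer`.

```cisco
! Constructed sample: addresses, names and keys are placeholders.
! Phase 1 policy (assumes the release supports AES-256, SHA-256, DH group 14).
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
!
! One pre-shared key per peer: primary site and DR site.
crypto isakmp key <PRE-SHARED-KEY-1> address 198.51.100.1
crypto isakmp key <PRE-SHARED-KEY-2> address 203.0.113.1
!
! Dead peer detection. Without it the router does not notice that the
! current peer is gone until the SA expires, which delays failover.
crypto isakmp keepalive 10 3 periodic
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! The single encryption domain shared by both peers.
ip access-list extended VPN-DOMAIN
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! One crypto map entry with two peers, so there is no second entry with
! the same ACL that would never be matched.
crypto map S2S 10 ipsec-isakmp
 ! "default" marks the primary as the preferred peer.
 set peer 198.51.100.1 default
 set peer 203.0.113.1
 ! When the SA has been idle for 120 s it is torn down, and "default"
 ! directs the next connection attempt to the default peer.
 set security-association idle-time 120 default
 set transform-set TS-AES256
 set pfs group14
 match address VPN-DOMAIN
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map S2S
```

`show crypto isakmp sa` and `show crypto ipsec sa` show which peer currently holds the tunnel. The return to the primary happens only when a new connection is set up, so traffic that keeps the backup SA busy stays on the backup peer.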
