Backup VPN Tunnel on same firewall

Answered Question
Aug 6th, 2009

I have 2 VPN tunnels on the same PIX firewall, Ver 6.3(5). The tunnels go to the same remote site. On the remote site there are 2 internet circuits, a primary and a secondary. The primary circuit goes to one tunnel on my firewall and the secondary goes to another tunnel on my firewall that only comes up when the primary circuit goes down.

We are noticing that when the primary circuit goes down, the backup tunnel on the PIX firewall comes up, but traffic stops flowing after a few minutes and I have to clear the crypto isakmp sa before traffic starts flowing again.

Am I missing something with my configurations when doing VPNs similar to this type of setup?

Correct Answer by sziaulla about 7 years 4 months ago

You need to configure DPD on the tunnel so that once the primary tunnel goes down the PIX should clear the SAs for that tunnel.

Now, based on the code you have, 6.3(5), keepalive functionality is not available.

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/c.html#wp1034654

Thanks

-Syed
