IPSec Rule priority question

dpl_cisco
Level 1

Hi

Our main office has a Cisco ASA 5505 with IPSec tunnel connected to a remote office with a failover ADSL and wireless broadband connection. I am able to successfully establish the IPSEC tunnel over both the remote ADSL or wireless connection if configured independently on the ASA 5505.

I have created 2 IPSec tunnels on the ASA to handle both of the WAN IP Addresses in the event of the remote site failing over to the second connection. The problem lies in the IPSEC Rule. You can only configure 1 remote host IP per rule. I have created 2 rules with a different priority number. However, when the WAN address on the remote site changes, the ASA does not recognise the lower priority IPSEC rule and hence the VPN connection does not establish itself. If I change the priority of the IPSec rule at this point, the VPN connects. I would like to achieve this automatically or configure things in the correct way which would allow me to achieve this.

Please help

Thanks in advance

1 Reply

Jitendriya Athavale
Cisco Employee

If I understand what you want, this is what you need to do:

set

for example

set peer 1.1.1.1 2.2.2.2
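The situation in this thread can be checked for in a saved configuration. The script below is an added example, not part of the original posts and not Cisco code: it assumes the two "IPSec rules" are crypto map entries that match the same traffic ACL, and it flags the higher-numbered entry and prints the single multi-peer line the reply suggests. The map name, ACL name and sequence numbers are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample config: map name, ACL name and sequence numbers are
# hypothetical; the peer addresses are the ones used in the reply above.
SAMPLE_CONFIG = """\
crypto map OUTSIDE_MAP 10 match address VPN_REMOTE
crypto map OUTSIDE_MAP 10 set peer 1.1.1.1
crypto map OUTSIDE_MAP 20 match address VPN_REMOTE
crypto map OUTSIDE_MAP 20 set peer 2.2.2.2
"""

LINE_RE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (.+)$")

def parse_crypto_maps(config):
    """Return {(map_name, seq): {"acl": str or None, "peers": [str, ...]}}."""
    entries = defaultdict(lambda: {"acl": None, "peers": []})
    for line in config.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore everything that is not a match/peer line
        name, seq, kind, value = m.groups()
        entry = entries[(name, int(seq))]
        if kind == "match address":
            entry["acl"] = value.strip()
        else:
            entry["peers"].extend(value.split())
    return dict(entries)

def find_shadowed_entries(config):
    """Flag entries whose ACL is already used by a lower-numbered entry."""
    first_seen = {}  # (map_name, acl) -> (lowest seq, peers collected so far)
    findings = []
    for (name, seq), entry in sorted(parse_crypto_maps(config).items()):
        if entry["acl"] is None:
            continue
        key = (name, entry["acl"])
        if key not in first_seen:
            first_seen[key] = (seq, list(entry["peers"]))
            continue
        win_seq, win_peers = first_seen[key]
        merged = win_peers + entry["peers"]
        first_seen[key] = (win_seq, merged)
        findings.append({"map": name, "acl": entry["acl"], "shadowed_seq": seq,
                         "winning_seq": win_seq,
                         "suggest": "crypto map %s %d set peer %s"
                                    % (name, win_seq, " ".join(merged))})
    return findings

if __name__ == "__main__":
    for finding in find_shadowed_entries(SAMPLE_CONFIG):
        print(finding)
```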