VPN failover configuration in Cisco 2851

Unanswered Question
Aug 30th, 2010

Hi,

I have a Cisco 2851 (c2800nm-advipservicesk9-mz.124-25d.bin) Router configured with one site-to-site vpn. Is it possible to configure a failover vpn tunnel on this router?

NAGISWAREN2 Thu, 09/02/2010 - 23:57

Hi.


It's possible to do failover for VPN. What is your requirement? Do you have a redundant internet link? I have been working on VPN failover for more than 100 branches to HQ.

Anand Narayana Fri, 09/03/2010 - 00:19

Yes, I have 2 ISPs. The VPN is configured with ISP-1, and ISP-2 is just lying idle. So I wanted to make use of that for VPN failover. Please let me know the configuration for the same.

NAGISWAREN2 Fri, 09/03/2010 - 00:24

Hi,

There is not much that needs to be configured in the VPN. Create the ISAKMP policy, transform set and crypto map, and apply it to the backup ISP interface.

Now the trick is to play around with the default routing.

Can you provide me your default routing config for both ISPs?

rechard_david Sat, 04/16/2011 - 08:32

Dear all,


I would like to continue asking about this question of VPN failover configuration, so I would like to know how to configure VPN failover. At HQ I have one router and two connections (2 WAN), and at the branches I have one router and two connections too (2 WAN), and I can to to failover VPN over IPsec. So if all of you have commant on this, please help to show me?


Best Regards,

Rechard

cciesec2011 Sat, 04/16/2011 - 12:15

Anyone preparing for the CCIE Security lab knows that this is a very simple configuration. The key here is the "crypto map vpn local-address lo0" and that the loopback lo0 IP address must be reachable from both sides for the VPN to be established. Configuration is below:


HQ:

! First WAN interface
interface g0/0/0
  ip address 1.1.1.1 255.255.255.0
  crypto map vpn

! Second WAN interface
interface g0/0/1
  ip address 1.1.2.1 255.255.255.0
  crypto map vpn

! Loopback used as the tunnel endpoint
interface lo0
  ip address 1.1.3.1 255.255.255.0
  crypto map vpn

! LAN interface
interface g0/0/2
  ip address 192.168.1.1 255.255.255.0

! Traffic to protect: HQ LAN to branch LAN
ip access-list extended branch_1
  permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

! Pre-shared key for the peer's loopback address
crypto isakmp key cciesec2011 address 2.2.3.1 no-xauth

crypto isakmp policy 10
  authentication pre-share
  hash sha
  encryption aes 256
  group 5
  lifetime 86400

crypto ipsec transform-set tset esp-aes 256 esp-sha-hmac

! Source IKE and IPsec from lo0, so the endpoint is the same on either WAN link
crypto map vpn local-address lo0
crypto map vpn 10 ipsec-isakmp
  set peer 2.2.3.1
  set transform-set tset
  set pfs group5
  set security-association lifetime seconds 3600
  match address branch_1



branch_1:

! First WAN interface
interface g0/0/0
  ip address 2.2.1.1 255.255.255.0
  crypto map vpn

! Second WAN interface
interface g0/0/1
  ip address 2.2.2.1 255.255.255.0
  crypto map vpn

! Loopback used as the tunnel endpoint
interface lo0
  ip address 2.2.3.1 255.255.255.0
  crypto map vpn

! LAN interface
interface g0/0/2
  ip address 192.168.2.1 255.255.255.0

! Traffic to protect: branch LAN to HQ LAN
ip access-list extended HQ
  permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

! Pre-shared key for the peer's loopback address
crypto isakmp key cciesec2011 address 1.1.3.1 no-xauth

crypto isakmp policy 10
  authentication pre-share
  hash sha
  encryption aes 256
  group 5
  lifetime 86400

crypto ipsec transform-set tset esp-aes 256 esp-sha-hmac

! Source IKE and IPsec from lo0, so the endpoint is the same on either WAN link
crypto map vpn local-address lo0
crypto map vpn 10 ipsec-isakmp
  set peer 1.1.3.1
  set transform-set tset
  set pfs group5
  set security-association lifetime seconds 3600
  match address HQ
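
Added example, not part of the original post and not Cisco tooling: a small Python check that a router config has the pieces the post above relies on (a local-address loopback with an IP, the crypto map on two WAN interfaces, and a pre-shared key entry for every `set peer` address). The function names `parse` and `audit` are hypothetical, and the sample is a constructed copy of the HQ side with the key replaced by a placeholder.

```python
import re

# Constructed sample: HQ side of the configuration above (key replaced by a placeholder).
HQ = """\
interface g0/0/0
 ip address 1.1.1.1 255.255.255.0
 crypto map vpn
interface g0/0/1
 ip address 1.1.2.1 255.255.255.0
 crypto map vpn
interface lo0
 ip address 1.1.3.1 255.255.255.0
 crypto map vpn
crypto isakmp key EXAMPLE-KEY address 2.2.3.1 no-xauth
crypto map vpn local-address lo0
crypto map vpn 10 ipsec-isakmp
 set peer 2.2.3.1
"""

def parse(cfg):
    """Collect the lines of an IOS-style config that matter for tunnel failover."""
    s = {"ip": {}, "applied": [], "local": None, "peers": set(), "keyed": set()}
    iface = None
    for raw in cfg.splitlines():
        line = raw.strip()
        if line and not raw.startswith(" "):  # top-level command: new context
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        if iface and (m := re.match(r"ip address (\S+) \S+$", line)):
            s["ip"][iface] = m.group(1)
        elif iface and re.match(r"crypto map \S+$", line):
            s["applied"].append(iface)
        elif m := re.match(r"crypto map \S+ local-address (\S+)", line):
            s["local"] = m.group(1)
        elif m := re.match(r"set peer (\S+)", line):
            s["peers"].add(m.group(1))
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            s["keyed"].add(m.group(1))
    return s

def audit(cfg):
    """Return findings; an empty list means the failover pieces line up."""
    s, out = parse(cfg), []
    if s["ip"].get(s["local"]) is None:
        out.append("no local-address interface with an IP address")
    if len([i for i in s["applied"] if i != s["local"]]) < 2:
        out.append("crypto map is on fewer than two WAN interfaces")
    for p in sorted(s["peers"] - s["keyed"]):
        out.append(f"peer {p} has no pre-shared key entry")
    return out
```

The check reads full command names only, and it cannot tell whether the loopback is actually routed from the far side; that still has to be verified on the network.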

rechard_david Sat, 04/16/2011 - 18:02

Dear Sir,

I'm glad to see your advice and your command.

I would like to show my diagram, and I would like to do this on my diagram. Could you advise if it is possible if I do interface lo0? If I have many branches, do I use interface lo0? And let me know why we use interface lo0; I am not clear about this command.


Best Regards,

Rechard

rechard_david Mon, 06/06/2011 - 05:44

Dear All,


Do you have any update on this?

It is very urgent!!! Please help!!!



Best Regards,

Rechard
