02-07-2011 07:37 AM
Hi all,
Currently, we have one 5510 in main office A and another 5510 in main office B. We also have a 5505 in branch office C.
In office A, IP range is 192.168.1.0/24
In office B, IP range is 192.168.2.0/24
In branch C, IP range is 10.10.1.0/24
I have configured two IPsec site-to-site VPNs on each firewall. A---B; A---C; B---C
Now, I want to configure branch C VPN failover, which means that if firewall A is up and running, all 192.168.1.0 & 192.168.2.0 traffic will go through the S2S VPN between A and C.
If firewall A is down, all traffic will go through the secondary VPN between B and C.
So, how can I control the traffic by static route (maybe the metric) on the 5505?
Or any ideas?
Thanks guys!
02-07-2011 12:13 PM
Perhaps you could use SLA route tracking (like in this post https://supportforums.cisco.com/message/3071388#3071388) and/or use backup peers (i.e. set two peers under the same crypto map sequence instead of having one peer in two different crypto map sequences).
02-07-2011 01:03 PM
Hi, thanks for your information. However, I do not think that is an SLA issue. (Maybe I am not right.)
Because this is not two ISPs, this is two IPsec tunnels.
I will try the crypto map tonight and give you an update.