Redundant VPN Configuration

Unanswered Question
Oct 8th, 2005
User Badges:
  • Bronze, 100 points or more

I currently have a 3725 with 30+ tunnels, there are 837's on the remote ends. For about 10 of the tunnels I want to build another tunnel to an ASA, so that if one goes down the other one passes the traffic. Trying to figure out if I can just add the most preffered one with a lower crypto map?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jackko Sat, 10/08/2005 - 19:25
User Badges:
  • Gold, 750 points or more

when you configure lan-lan vpn on 837, it is possible to configure more than one peer for redundancy.


crypto map mymap 10 ipsec-isakmp

set peer

set peer

set transform-set myset

match address 100

apavlikova Fri, 06/09/2006 - 00:19
User Badges:


I've configured my devices as you describe.

But what is behaviour like with setting two peers?

That scenario is working in case the tunnel is going to be established (837 will try vpn peer 1 and if there's no response, it will try the vpn peer 2).

But once the tunnel is established to the first peer and and that peer will fall down, 837 router will not inicialize new vpn connection to second peer. Or am I wrong?



This Discussion