is it possible to establish two IPSEC VPN tunnels to a single remote peer?
I currently have two ISP connections and i wanted to make two tunnels for failover but im not sure if there is an issue on the tunnel groups since i would end up having only on tunnel group for both the tunnel.
If you have PIX/ASA/VPNC on both ends you can use the backup Lan-to-Lan feature.
The end that will connect to multiple ip-addresses should be configured as originate-only with the set connection-type command, and use the crypto map set peer command to order the priority of the peers.
The other end should be configured with the answer-only keyword.
The originate-only end attempts to negotiate with the first peer in the list. If that peer does not respond, the ASA works its way down the list until either a peer responds or there are no more peers in the list.
In that case I am not sure. But if the other end permits multiple peer statements you can try to just configure your end as answer-only, or do nothing and see what happens. It mostly depends on how the multitech handles redundancy, the ASA side only has one address to connect to.
A router on each side eould provide much better redundancy by running DMVPN.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...