Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Failover VPN -Tunnel

HI, Friends

I have a pix515 at hyderabad and other at Delhi both are in vpn-tunnel, i would like to have one more vpn-tunnel configured with different isp provider on both locations along with the current tunnel, This should act like a failover to the first tunnel. Is this possible. ??

Thx

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Failover VPN -Tunnel

on the PIX 515 you can use Static route tracking is used to achieve this redundancy

see this http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml.

Beware that this design is a single point of failure. I would have two seperate firewalls.

Once you setup the multiple internet on the PIX's, then you create the second tunnel. you might have to do NAT on the second tunnel to prevent any conflict between your local/remote subnet in your ipsec interesting traffic.

1 REPLY

Re: Failover VPN -Tunnel

on the PIX 515 you can use Static route tracking is used to achieve this redundancy

see this http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml.

Beware that this design is a single point of failure. I would have two seperate firewalls.

Once you setup the multiple internet on the PIX's, then you create the second tunnel. you might have to do NAT on the second tunnel to prevent any conflict between your local/remote subnet in your ipsec interesting traffic.

121
Views
0
Helpful
1
Replies
CreatePlease login to create content