Cisco Support Community

How Do You Establish a Backup VPN Tunnel between Two Routers?

I have 2 routers on the Internet. An IPSec virtual private network (VPN) tunnel has been established between them using ip route statements, not routing protocols. One of the routers has two interfaces to the Internet; one is for backup. What is the simplest way to establish a second VPN tunnel if the first link should go down?


Re: How Do You Establish a Backup VPN Tunnel between Two Routers

The best thing to do is to let routing handle the failover, using the following steps:

  1. Build a normal backup interface configuration.
  2. Then build a generic routing encapsulation (GRE) tunnel and source it from the local router to the remote router using loopbacks.
  3. Change the crypto map to encrypt the GRE peers rather than the IP networks. If you do it this way, the loopbacks are always up, and therefore so is the GRE tunnel. If the GRE tunnel is up, the traffic is encrypted.
  4. Using GRE removes the issue of stale security associations (SAs) existing and preventing the IPSec tunnel from re-forming after an interface hit.

For more information, see GRE over IPSec.