Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
1
Replies

How Do You Establish a Backup VPN Tunnel between Two Routers?

admin_2
Level 3
Level 3

‎07-02-2002 11:17 AM - edited ‎02-21-2020 11:51 AM

I have 2 routers on the Internet. An IPSec virtual private network (VPN) tunnel has been established between them using ip route statements, not routing protocols. One of the routers has two interfaces to the Internet; one is for backup. What is the simplest way to establish a a second VPN tunnel if the first link should go down?

Labels:
0 Helpful
1 Reply 1

Not applicable

‎07-02-2002 11:17 AM

The best thing to do is to let routing handle the failover, using the following steps:

  1. Build a normal backup interface configuration.

  2. Then build a generic routing encapsulation (GRE) tunnel and source it from the local router to the remote router using loopbacks.

  3. Change the crypto map to encrypt the GRE peers rather than the IP networks. If you do it this way, the loopbacks are always up, and therefore so is the GRE tunnel. If the GRE tunnel is up, the traffic is encrypted.

    4. Using GRE removes the issue of stale security associations (SAs) existing and preventing the IPSec tunnel from re-forming after an interface hit.

    For more information, see GRE over IPSec<

    0 Helpful
    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Customers Also Viewed These Support Documents