l2l tunnel 3005 and 3rd party router with backup dsl

I have been successful establishing a tunnel with a client using a Bintec router; they are the initiator of the tunnel. The problem I am having is getting their backup DSL connection to work when the primary fails. Their primary connection and secondary connection have different public IPs and their internal remains the same. I tried 2 different SAs on the 3005 and determined that wouldn't work. I then tried to set up their secondary tunnel on my secondary 3005 but am having problems getting the traffic to route back to them properly. How can I make this work with them being the initiator of the tunnel?


On a 3005 you can only put one peer IP in a L2L tunnel if it is set to "bi-directional" or "answer-only", but if you set it to "originate-only" you can specify up to 10 peers. Unfortunately you want it to answer, so none of these are what you want.

I think then that you need to look at a remote access setup, like when a 3002 connects in Network Extension Mode, as at

I'm not 100% sure whether that will work, because the 3005 needs to know the remote LAN subnet.

If it was acceptable to NAT then you could do that.

Also, if you had a L2L tunnel for the primary peer, then set it up as a remote access VPN or a L2L for the backup peer with traffic being NATed, maybe that would work because the 3005 would see it as two different sites?

I'm sure you couldn't just have two L2L VPNs for the same subnets.


- Bi-directional: This VPN Concentrator can either initiate or accept IKE tunnels.
- Answer-only: This VPN Concentrator only accepts IKE tunnels; it does not initiate them.
- Originate-only: This VPN Concentrator only initiates IKE tunnels; it does not accept them.

