l2l tunnel 3005 and 3rd party router with backup dsl
I have been successful establishing a tunnel with a client using a Bintec router; they are the initiator of the tunnel. The problem I am having is getting their backup DSL connection to work when the primary fails. Their primary connection and secondary connection have different public IPs and their internal remains the same. I tried 2 different SAs on the 3005 and determined that wouldn't work. I then tried to set up their secondary tunnel on my secondary 3005 but am having problems getting the traffic to route back to them properly. How can I make this work with them being the initiator of the tunnel?
Re: l2l tunnel 3005 and 3rd party router with backup dsl
On a 3005 you can only put one peer IP in a L2L tunnel if it is set to "bi-directional" or "answer-only", but if you set it to "originate-only" you can specify up to 10 peers. Unfortunately you want it to answer, so none of these are what you want.
I'm not 100% sure whether that will work, because the 3005 needs to know the remote LAN subnet.
If it was acceptable to NAT then you could do that.
Also if you had a L2L tunnel for the primary peer, then set it up as a remote access VPN or a L2L for the backup peer with traffic being NATed, maybe that would work because the 3005 would see it as two different sites?
I'm sure you couldn't just have two L2L VPNs for the same subnets.
# Bi-directional: This VPN Concentrator can either initiate or accept IKE tunnels.
# Answer-only: This VPN Concentrator only accepts IKE tunnels; it does not initiate them.
# Originate-only: This VPN Concentrator only initiates IKE tunnels; it does not accept them.