Cisco Support Community

New Member

L2L VPN PIX ISP failover

I have an L2L VPN with a PIX at our main site and an 1811 at a remote site. Our PIX is configured for ISP failover using tracking.

Currently the VPN tunnel is only configured between the PIX and the 1811 using the primary ISP on the PIX, not the backup ISP.

What I need to happen is that when the PIX fails over to the backup ISP, a tunnel is established to the 1811. All VPN traffic should use the primary connection on the PIX until the backup connection is in use.

Can someone point me in the right direction? Thanks

New Member

Re: L2L VPN PIX ISP failover

I've done this by configuring the IOS router by just configuring a 2nd peer. You'll have to configure a second crypto key if you use specific addresses in your crypto key command line. You'll also need to adjust routes/ACLs as necessary. If you configure your first peer with your primary ISP IP and bring up the tunnel, then it will use that. Then configure your second peer. Only on failure will the second peer be used.

Now with this simple config, if your primary ISP comes back up, you may have to manually force your 1811 to use the primary ISP path.
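
The two-peer setup described in the reply above, sketched as an IOS configuration fragment for the 1811. This is an added example, not configuration posted by either participant. Every name, address, ACL number and key is a constructed placeholder, and the keepalive line is an assumption about how the router detects that the primary peer is down.

```cisco
! Constructed example for the 1811 (remote site). Placeholders throughout:
!   192.0.2.1     PIX outside address on the primary ISP (assumed)
!   198.51.100.1  PIX outside address on the backup ISP (assumed)
!   10.2.0.0/24   remote-site LAN, 10.1.0.0/24 main-site LAN (assumed)
! Assumes the PIX already terminates the same tunnel on its backup interface
! and that the existing ISAKMP policy and transform set stay unchanged.

! One pre-shared key entry per peer address, because the key is bound
! to a specific address rather than 0.0.0.0.
crypto isakmp key <PRESHARED_KEY> address 192.0.2.1
crypto isakmp key <PRESHARED_KEY> address 198.51.100.1

! Assumption: dead peer detection, so a silent primary peer is declared
! down and the router moves on to the next peer in the list.
crypto isakmp keepalive 10 3

! Peers are tried in the order listed: primary first, backup on failure.
crypto map L2L-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set peer 198.51.100.1
 set transform-set L2L-TS
 match address 110

! Interesting traffic is the same for both peers.
access-list 110 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255

! Inbound ACL on the WAN interface: permit IKE and ESP from BOTH PIX
! addresses only, not from any source.
access-list 120 permit udp host 192.0.2.1 any eq isakmp
access-list 120 permit esp host 192.0.2.1 any
access-list 120 permit udp host 198.51.100.1 any eq isakmp
access-list 120 permit esp host 198.51.100.1 any

interface FastEthernet0
 ip access-group 120 in
 crypto map L2L-MAP

! Check which peer is in use:
!   show crypto isakmp sa
!   show crypto session
! After the primary ISP recovers, clear the SAs to the backup peer so the
! tunnel is renegotiated starting from the first peer in the list:
!   clear crypto sa peer 198.51.100.1
!   clear crypto session remote 198.51.100.1
```

Restricting the inbound ACL to the two known PIX addresses keeps IKE on the 1811 from being reachable by arbitrary hosts once the second peer is added.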
