Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Redundant VPN Configuration

I currently have a 3725 with 30+ tunnels, there are 837's on the remote ends. For about 10 of the tunnels I want to build another tunnel to an ASA, so that if one goes down the other one passes the traffic. Trying to figure out if I can just add the most preffered one with a lower crypto map?

2 REPLIES
Gold

Re: Redundant VPN Configuration

when you configure lan-lan vpn on 837, it is possible to configure more than one peer for redundancy.

e.g.

crypto map mymap 10 ipsec-isakmp

set peer

set peer

set transform-set myset

match address 100

Community Member

Re: Redundant VPN Configuration

Hi,

I've configured my devices as you describe.

But what is behaviour like with setting two peers?

That scenario is working in case the tunnel is going to be established (837 will try vpn peer 1 and if there's no response, it will try the vpn peer 2).

But once the tunnel is established to the first peer and and that peer will fall down, 837 router will not inicialize new vpn connection to second peer. Or am I wrong?

Thanks.

101
Views
0
Helpful
2
Replies
CreatePlease to create content