cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
227
Views
0
Helpful
1
Replies

VPN Connectivity for Primary and DR sites

farancci1
Level 1
Level 1

We have IPSec VPN connectivity to our clients as our primary link and now we are also planing to setup DR over VPN however I cant figure out how to configure client site routers, because of financial issues we have to use the same router on client site for production and DR. We do not run any routing protocol with client (all Static).

The issues I have

1) how to setup 2 separate tunnels on the same routers for the same traffic (source and destination will remain same)

2) The DR tunnel should not come up as long as the primary connection is good.

1 Reply 1

jackko
Level 7
Level 7

providing the business requirements above, one way is to setup a secondary vpn peer on the router.

e.g.

crypto map vpnmap 10 ipsec-isakmp

set peer 10.0.0.1

set peer 192.168.1.1

set transform-set vpnset

match address 100

with the sample above, the router will always try establishing a vpn with 10.0.0.1. the router will try 192.168.1.1 if and only if 10.0.0.1 fails.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: