Please bear with me as I am quite new to VPNs. I have an 837 ADSL router and would like to create two VPN tunnels back to different Juniper routers at the head office, with either VPN taking over if the other one fails. My questions:
1. Is this possible?
2. If it is, then are there any sample configs anywhere?
3. Will it be active/standby or can I load balance over the two VPNs?
Thanks for the reply, we have two routers at the head office, each with their own public IP address, both with the same crypto key. What I was thinking from your reply was to have two set peer statements in the crypto map with one being marked as the default and also two crypto key statements, one for each peer IP? e.g
The requirement is: we need to have a tunnel with the other end that has 2 Juniper routers. At any given time the tunnel should be up with only one box. If one fails it should establish with the other.
If this is correct then it is possible. On your router, when you configure the crypto map, you will configure something like:
crypto map mymap 10 ipsec-isakmp
 set peer a.b.c.d
 set peer e.f.g.h
 set transform-set my set
 match address XXX
Where a.b.c.d is the IP of the primary Juniper router and e.f.g.h is of the secondary.
We tried this over the weekend and had limited success. If we had a tunnel established and the primary went away, then the 837 would establish with the secondary tunnel, but only after a router reset (837). Similarly, if the primary came back, the only way to re-establish the tunnel with the primary was again a router (837) reset.
Is this just a function of the Cisco 837 talking to Junipers, or have I missed something? I can supply the config we are using if required.
Thanks for your help so far, it is much appreciated.
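An added example, not posted by anyone in this thread: the two-peer crypto map above with the pieces usually needed for the 837 to notice a dead peer and move between peers without a reload. It assumes the 837's IOS release supports ISAKMP keepalives (dead peer detection) and the `default` peer keyword, and that both Juniper routers answer DPD; the key placeholder, the transform-set name `myset` and the timer values are assumptions.

```cisco
! Added example. Placeholders a.b.c.d / e.f.g.h / XXX are the thread's own;
! <PRE_SHARED_KEY>, "myset" and all timer values are assumed.

! One pre-shared key statement per head-office peer (same key on both).
crypto isakmp key <PRE_SHARED_KEY> address a.b.c.d
crypto isakmp key <PRE_SHARED_KEY> address e.f.g.h

! Dead peer detection: probe every 10 s, retry every 3 s on no answer.
! "periodic" sends probes even when the tunnel is idle, so a silent
! primary is detected and its SAs are torn down instead of lingering
! until the SA lifetime expires.
crypto isakmp keepalive 10 3 periodic

crypto map mymap 10 ipsec-isakmp
 ! Primary Juniper, marked as the preferred (default) peer.
 set peer a.b.c.d default
 ! Secondary Juniper, tried when the primary is declared dead.
 set peer e.f.g.h
 ! After 600 s with no traffic the SAs are deleted; the "default"
 ! keyword makes the next negotiation start with the default peer,
 ! which is how the tunnel returns to the primary.
 set security-association idle-time 600 default
 set transform-set myset
 match address XXX
```

After a failover test, `show crypto isakmp sa` and `show crypto ipsec sa` show which peer currently holds the SAs.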