Hi Kanishka,

Thanks for the reply, we have two routers at the head office each with their own public IP address, both with the same crypto key. What I was thinking from your reply was to have two set peer statements in the crypto map with one being marked as the default and also two crypto key statements one for each peer ip? e.g

crypto ipsec key Pre-Shared-Secret address x.x.x.1

crypto ipsec key Pre-Shared-Secret address x.x.x.2

crypto map static-map 1 ipsec-isakmp

set peer x.x.x.1 default

set peer x.x.x.2

Am I along the right lines here? Also if the default VPN fails, is there any way for the router to automatically fail back to the default when it comes back on-line? Someone has mentioned DPD?

Thanks for your help.

Regards

Andy.

You'r absolutely right. Except for the fact that, in this case, the tunnel can be originated from this router only.

Isakmp keepalives, might help you, but they do not work with the Non Cisco devices. So, in this case the "default" keyword will help you.

*Please rate if this helped.

-Kanishka

Hi Kamal,Kanishka

We tried this over the weekend and had limited success. If we had a tunnel established and the primary went away, then the 837 would establish with the secondary tunnel but only after a router reset (837) Similarly, if the primary came back the only way to re-establish the tunnel with the primary was again a router (837) reset.

Is this just a function of the cisco 837 talking to Juniper's or have I missed something. I can supply the config we are using if required.

Thanks for your help so far, it is much appreciated.

Regards

Andy.

Hi,

You might wanna go through this document :

http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00803f86ca.html#wp1066659

Even though Keepalives do not work with third part vendor devices, still you can try implementing it.

*Please rate if helped.

-Kanishka