We have 2 Internet link from different ISP terminated on same cisco router. One acts as a primary link and other as secondary link. Secondary link is a backup and will be active only when primary link fails. We have Cisco PIX 506 firewall which also acts as an VPN client will function only when primary link is active. VPN does not function when secondary link is active ie when primary link goes down. I have static route on the router. Please help ASAP
I am assuming you probably have 2 sets of public addresses 1 set from ISP A and another from ISP B in the event of ISP A going down the FW will have to have a new nated PUBLIC address, well you would NAT in this case on the router and provide route maps to use 2 NAT pools and have 1 static translation for each set of pools to identify as peer FW. your other side will have to have 2 crypto peers in depending on which ISP the FW is using unless you use a wildcard peer. (those options entirely depend on what your terminating against that FW.) This is all guesswork unless you can post an edited copy of the rtr config and IPSEC parameters of each side.
Yes you are absolute right and you have a great imagination. This will work. Due to security reason I am not in a position to mail you the config. Can you assign some dummy ip adress and mail me the config on router and pix. My other side has already 2 crypto peers. Thanks in advance.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :