Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to configure multiple peer addresses for back-up under the same crypto map for the VPN with routers and PIX 500 series firewall

Resolution

You can define multiple addresses for a peer to connect as back-up when the IPSec tunnel to the primary headend device fails. this is an example:

crypto map VPN 10 ipsec-isakmp

set peer 192.167.1.6

!--- The primary headend. 

set peer 192.168.1.9

!--- The secondary peer.

match address 111

set transform-set ESP-3DES

Make sure to adjust the routing so the traffic is sent accordingly.

The secondary device is contacted if the IPSec tunnel to the primary device fails to connect.

Note: This is also applicable to PIX Firewalls.

For more information, refer to the Creating Static Crypto Maps section of Configuring Security for VPNs with IPsec.

2121
Views
0
Helpful
0
Comments