Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3454
Views
0
Helpful
0
Comments

How to configure multiple peer addresses for back-up under the same crypto map for the VPN with routers and PIX 500 series firewall

TCC_2
Level 10
Level 10

‎06-22-2009 05:04 PM - edited ‎03-08-2019 06:20 PM

Resolution

You can define multiple addresses for a peer to connect as back-up when the IPSec tunnel to the primary headend device fails. this is an example:

crypto map VPN 10 ipsec-isakmp

set peer 192.167.1.6

!--- The primary headend. 

set peer 192.168.1.9

!--- The secondary peer.

match address 111

set transform-set ESP-3DES

Make sure to adjust the routing so the traffic is sent accordingly.

The secondary device is contacted if the IPSec tunnel to the primary device fails to connect.

Note: This is also applicable to PIX Firewalls.

For more information, refer to the Creating Static Crypto Maps section of Configuring Security for VPNs with IPsec.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents