
Crypto map failover question

Hi,

I have two routers which have a point-to-point VPN to each other over EFM links. The point-to-point VPN works fine over the EFMs, but each 1841 router also has an auto-failover ADSL card. Now the failover works fine for everything other than the point-to-point VPN.

I've copied the relevant part of the configs below for each site.

Site 1:

crypto map VPN local-address FastEthernet0/1
crypto map VPN 1 ipsec-isakmp
 set peer 9.9.9.9
 set transform-set 3des
 match address vpn
interface FastEthernet0/0
 ip address 4.4.4.4 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 10
 full-duplex
 no cdp enable
 crypto map VPN
!
interface FastEthernet0/1
 ip address 8.8.8.8 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

Site 2:

crypto map VPN local-address FastEthernet0/1
crypto map VPN 1 ipsec-isakmp
 set peer 8.8.8.8
 set transform-set 3des
 match address vpn
interface FastEthernet0/0
 ip address 5.5.5.5 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 10
 full-duplex
 no cdp enable
 crypto map VPN
!
interface FastEthernet0/1
 ip address 9.9.9.9 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

The routed block from each router's FastEthernet0/1 interface is also shared by the DSL on each router, and if Fe0/0 goes down it automatically starts going over the DSL due to BGP.

I'm pretty sure the VPN however doesn't failover due to the "Crypto map VPN" being assigned to the FE0/0 interface on each router which is the WAN for the EFM. I thought that using the "crypto map VPN local-address FastEthernet0/1" statement would solve this but unfortunately not.

I've looked for a solution but haven't had any luck. Any suggestions most welcome.

Thanks

Andrew


Re: Crypto map failover question

I actually figured it out. I didn't realise you could have two crypto map statements on two separate interfaces. All working great.

Cheers.

Sent from Cisco Technical Support iPad App
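
One configuration consistent with the reply above, as an added example that is not part of the original posts: IOS evaluates a crypto map on the interface the traffic leaves through, so the same map is applied to both WAN interfaces while `local-address` keeps the tunnel endpoint on the FastEthernet0/1 address. The ADSL interface name `Dialer0` and the `description` lines are assumptions; the thread does not show the ADSL configuration.

```cisco
! Site 1 (added example, not the poster's actual final config)
!
! Source IKE/IPsec from the Fa0/1 address, which stays reachable
! over either WAN link because the routed block follows BGP.
crypto map VPN local-address FastEthernet0/1
!
crypto map VPN 1 ipsec-isakmp
 set peer 9.9.9.9
 set transform-set 3des
 match address vpn
!
! Primary WAN (EFM): unchanged from the original post.
interface FastEthernet0/0
 description primary WAN (EFM)
 crypto map VPN
!
! Backup WAN (ADSL): interface name is an assumption.
! Without the map here, traffic matching ACL "vpn" that fails over
! to this link is not handed to IPsec at all.
interface Dialer0
 description backup WAN (ADSL)
 crypto map VPN
```

Site 2 mirrors this with `set peer 8.8.8.8`. After forcing a failover, `show crypto map` lists the interfaces using the map and `show crypto ipsec sa` shows whether packets are still being encrypted toward the peer.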
