Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Dual WAN VPN solution

Hi All,

I am trying to get a 2811 to accept two IPSec peers however can only get one working at a time.

I have setup fa0/0 and fa0/1 with their own public facing IP addresses with crypto maps associated to each interface however can only establish connectivity to one interface at any one time. I suspect i need to implement route maps however am not 100% on this and would like some advice.

Relevent configuration below:

crypto isakmp policy 2

encr 3des

hash md5

authentication pre-share

group 2

lifetime 28800

crypto isakmp key password address x.x.x.x

crypto isakmp key password address y.y.y.y

!

!

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

!

crypto map Crypto-Map-01 101 ipsec-isakmp

set peer x.x.x.x

set transform-set ESP-3DES-MD5

set pfs group2

match address 101

!

crypto map Crypto-Map-02 102 ipsec-isakmp

set peer y.y.y.y

set transform-set ESP-3DES-MD5

set pfs group2

match address 102

!

!

!

interface FastEthernet0/0

ip address a.a.a.a 255.255.255.0

duplex auto

speed auto

crypto map Clec-Crypto-Map-01

!

interface FastEthernet0/1

ip address b.b.b.b 255.255.255.0

duplex auto

speed auto

crypto map Knox-Crypto-Map-02

!

ip route 0.0.0.0 0.0.0.0 a.a.a.a

ip route 0.0.0.0 0.0.0.0 b.b.b.b

1 REPLY

Re: Dual WAN VPN solution

your default routes imply load balancing.

Also why separate external addresses? Keep it simple with one external interface and multiple tunnel end points.

Sent from Cisco Technical Support iPad App

280
Views
0
Helpful
1
Replies
CreatePlease to create content