Cisco Support Community
Community Member

IPSec Rule priority question


Our main office has a Cisco ASA 5505 with an IPSec tunnel connected to a remote office with a failover ADSL and wireless broadband connection. I am able to successfully establish the IPSec tunnel over either the remote ADSL or wireless connection if configured independently on the ASA 5505.

I have created 2 IPSec tunnels on the ASA to handle both of the WAN IP addresses in the event of the remote site failing over to the second connection. The problem lies in the IPSec rule. You can only configure 1 remote host IP per rule. I have created 2 rules with a different priority number. However, when the WAN address on the remote site changes, the ASA does not recognise the lower-priority IPSec rule and hence the VPN connection does not establish itself. If I change the priority of the IPSec rule at this point, the VPN connects. I would like to achieve this automatically or configure things in the correct way which would allow me to achieve this.

Please help.

Thanks in advance.

Cisco Employee

Re: IPSec Rule priority question

If I understand what you want, this is what you need to do.

For example:

set peer
