Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC VPN Failover

Need help to verify my design. I have 1 router1841 and pix515.2 isp link connect to router1841 and 1 isp link connect to pix515.My intention is to do redundancy ipsec vpn. will this design achivable? Thanks.

2 REPLIES
Silver

Re: IPSEC VPN Failover

Yes its possible but ensure you configured the right settings before you proceed. For more about the design use this.

http://cisco.com/web/psa/products/tsd_products_support_design.html

Re: IPSEC VPN Failover

You will want to employ some of the HA configuration found in the doc below to automate the failover process between the two ISP connections.  If configuring a static crypto map, you can configure one or more peer IPs for failover.  In this scenario, you will want to make sure that ISAKMP keepalives are correctly configured on both the 1841 and PIX so that the stale SAs can be timed out more quickly.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a00809454c7.shtml


crypto map CMAP 10 ipsec-isakmp
set peer 10.0.0.1 default
set peer 10.1.1.1
set transform-set TSET
match address INTERESTING

176
Views
0
Helpful
2
Replies
CreatePlease to create content