Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Question about LAN to LAN vpn

Hi to everyone,

I have a question about VPN, i have Cisco 1941(with security lic) and i have been asked to make a VPN with public IP addresses so there will be no info about internal networks. Other side has ASA 5520 and they provided me with 2 public IP addresses. i have done many different VPNs but this is first with public IP addresses and i cannot figure it out.

So here is the question:

1. How to do it ? (maybe some example)

2. Do i need two public IPs to do it ?

  • VPN
New Member

Question about LAN to LAN vpn


May be you have been provided with 2 public IP addresses   because one is the failover for the other. In that case, you can

configure 2 vpn peer for the same crypto map.

crypto map MYVPN 1 ipsec-isakmp

set peer PUBIP_ONE

set peer PUBIP_TWO

set transform-set TRANSFORM-SET

match address 100

qos pre-classify

In that case, the router would try to negociate the VPN with the first IP and if it fails, it would try with the second.

If the tunnel traffic is initiate by the ASA, any of the two addresses that begin to negociate the tunnel would managed to negociate.