Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Redundant VPN design

I am planning to implement a Cisco 2801 and a Cisco 3640 at Corporate. Keep in mind both routers have a T1. I also have over 30 sites which will have Cisco 1801s.

My plans is to implement at corporate GLBP for redundancy for internet and load balancing. How would I do redundancy for the VPN tunnels being terminated at Corporate?

It is to my understanding for GLBP to work I will need IOS 12.2T, but will this IOS release also allow me for redundant VPN?


Re: Redundant VPN design

when configuring crypto for the remote sites, you can configure multiple peers for backup.


crypto map mymap 10 ipsec-isakmp

set peer <2801 public ip>

set peer <3640 public ip>

set transform-set myset

match address 100

at the main site, you may configure the vpn as normal, providing the glbp works as expected.

New Member

Re: Redundant VPN design

With this in mind, then wouldn't there be 2 tunnels? One going to the 2801 and 3640? I know I have to configure the tunnels on the 2801, but I also believe I need to duplicate the configuration on the 3640.

This is my config for the GBLP:

Router 2801

interface fa 0/0

ip address

glbp 10 ip

Router 3640

interface fa0/0

ip address

glbp 9 ip

Will this GLBP configuration make my 2801 as the AVG and the 3640 as the Standby?


Re: Redundant VPN design

the glbp command seems inaccurate.

i guess both of them should be in the same group, and then apply "priority" command to focus which router to be the primary and secondary.

for more details: