Cisco Support Community

Redundant VPN Tunnels

Greetings All,

I'm trying to figure out if it is possible to set up redundant VPN tunnels for the remote end. One of my customers is purchasing devices for their remote locations that have both a wired and a wireless connection, each connection having its own IP address. So the scenario would look something like:

Home Office:

Local Network:

External IP address:

Remote Location:

Local Network:

External IP address wired:

External IP address wireless:

Is it possible to configure the ASA5510 to initiate a VPN tunnel to by default, but if unable to establish a tunnel, attempt to connect to instead?

Thanks for any advice you can provide.


Redundant VPN Tunnels

Hi Kyle,

You can set up the redundant VPN tunnels with the help of SLA monitoring. SLA monitoring defines which interface would be active and accordingly with which IP the tunnel would be negotiated.
On your side, you can set the primary and backup peers with this command:

crypto map set peer

Along with this, we need to create two tunnel groups for both the peers.

On the remote end, SLA monitoring will be configured and the crypto map should be enabled on both interfaces.

This can be achieved with the following commands:

crypto map interface primary
crypto map interface secondary
sla monitor x
 type echo protocol ipIcmpEcho interface primary
 num-packets 3
 frequency 10
sla monitor schedule x life forever start-time now
track 1 rtr x reachability
route primary 1
route backup  254

Please go through the given document, which explains the Redundant ISP configuration in detail.

Hope that helps.


Dinesh Moudgil
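
The configuration outlined in the reply above, written out in full as an added example; it is not from the original post or from the Cisco document it mentions. All addresses are RFC 5737 documentation addresses, and the crypto map name VPNMAP, sequence number 10, SLA/track IDs, and the interface names primary and backup are assumptions. The rest of each crypto map entry (match address, transform set, keys) and IKE on both uplinks are assumed to be configured already.

```cisco
! ---- Remote-location ASA (two uplinks) ----
! Assumed nameif values: primary (wired), backup (wireless)
! Assumed next hops: 192.0.2.1 (wired), 198.51.100.1 (wireless)
! Assumed home-office peer address: 203.0.113.10
sla monitor 1
 ! Probe target is the wired next hop here; a target further upstream
 ! also detects failures beyond the local link.
 type echo protocol ipIcmpEcho 192.0.2.1 interface primary
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
! Default route via the wired uplink, installed only while track 1 is up
route primary 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
! Floating default route via the wireless uplink (administrative distance 254)
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
! Same crypto map applied to both uplinks
crypto map VPNMAP 10 set peer 203.0.113.10
crypto map VPNMAP interface primary
crypto map VPNMAP interface backup
!
! ---- Home-office ASA ----
! Assumed remote addresses: 192.0.2.2 (wired), 198.51.100.2 (wireless)
crypto map VPNMAP 10 set peer 192.0.2.2 198.51.100.2
tunnel-group 192.0.2.2 type ipsec-l2l
tunnel-group 192.0.2.2 ipsec-attributes
 ! pre-shared key for the wired peer goes here (omitted)
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 ! pre-shared key for the wireless peer goes here (omitted)
!
! ---- Checks on the remote ASA after pulling the wired link ----
! show track 1
! show sla monitor operational-state 1
! show route
```

When track 1 goes down, the tracked route is withdrawn, the distance-254 route takes over, and the tunnel is renegotiated from the wireless address, which is why the home office needs a tunnel group for each remote address.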