New Member

Router based S2S VPN

Hi All,

Please let me know how we can configure S2S to two different VPN peers from the same router when the source and destination encryption domain is also the same. The only difference is the peer IPs.

This is actually for DR.

Thanks in Advance.

Regards,

Suresh Kumar

8 REPLIES

Re: Router based S2S VPN

You can't configure this. If you define the same source and destination for both tunnels, the router will always use the crypto that matches first in the VPN parsing, meaning the crypto map with the lower sequence number.

New Member

Re: Router based S2S VPN

Hi Martino,

Thanks for the info. But is there any other way to do this? The main aim is that if the S2S tunnel goes down, the traffic should flow through the alternate one, which is to a different peer IP.

Regards,

Suresh Kumar

Re: Router based S2S VPN

In your situation, you can use GRE/IPsec on both tunnels and let dynamic routing handle the failover. With 2 different peers, both having the same network behind them, you can easily define a GRE/IPsec tunnel to redistribute the same network via OSPF, EIGRP or any routing protocol you need, and make the failover happen by setting a preferred path.
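A minimal IOS sketch of the GRE/IPsec design described in the reply above, added here as an illustration and not posted by anyone in the thread. All addresses (documentation ranges), interface names, key placeholders and object names are assumptions; the two remote peers need mirror-image tunnel and OSPF settings.

```cisco
! Added example: two GRE tunnels protected by IPsec, OSPF picks the path.
! 192.0.2.1 = primary peer, 198.51.100.1 = DR peer (both assumed).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_PSK_PRIMARY address 192.0.2.1
crypto isakmp key REPLACE_WITH_PSK_DR address 198.51.100.1
! DPD so a dead peer's SAs are torn down promptly
crypto isakmp keepalive 10 3 periodic
!
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha256-hmac
 mode transport
!
! One profile per tunnel; no crypto ACL is needed because the
! profile protects the GRE packets of the tunnel it is applied to.
crypto ipsec profile GRE-PRIMARY
 set transform-set TS-GRE
crypto ipsec profile GRE-DR
 set transform-set TS-GRE
!
interface Tunnel1
 description Primary GRE/IPsec tunnel
 ip address 172.16.1.1 255.255.255.252
 ip ospf cost 10
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.1
 tunnel protection ipsec profile GRE-PRIMARY
!
interface Tunnel2
 description DR GRE/IPsec tunnel
 ip address 172.16.2.1 255.255.255.252
 ! Higher cost: used only while Tunnel1's adjacency is down
 ip ospf cost 100
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile GRE-DR
!
router ospf 1
 ! Tunnel subnets plus the local protected LAN (10.1.0.0/16 assumed)
 network 172.16.1.0 0.0.0.3 area 0
 network 172.16.2.0 0.0.0.3 area 0
 network 10.1.0.0 0.0.255.255 area 0
```

Both peers advertise the same remote network; the lower OSPF cost on Tunnel1 makes it the preferred path, and traffic returns to it once its adjacency re-forms. `show crypto session` and `show ip ospf neighbor` confirm that both tunnels are encrypted and both adjacencies are up.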

New Member

Re: Router based S2S VPN

Do you have any sample configuration for the above solution?

Hall of Fame Super Blue

Re: Router based S2S VPN

Suresh

An alternative to Ivan's approach is that you can specify multiple peers in the same crypto map entry so if the first peer goes down the second will be used. Basically the first peer to respond will be used -

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s2.html#wp1046908

Jon

Re: Router based S2S VPN

This however causes a bit of downtime, unlike GRE :)

New Member

Re: Router based S2S VPN

When we configure multiple peer IPs, if the first peer is not reachable then it will take the second peer IP and establish the S2S VPN.

Is there any way we can configure auto rollback to the first peer IP?
