Cisco Support Community
New Member

two site to site tunnels exempting same traffic

Can I have multiple site-to-site VPN tunnels going to two different public IP addresses, but exempting the same internal traffic?

Please see attached diagram for illustration purposes.

Primary site has two ISPs (main isp and secondary isp).

DR site has one ISP.

Both ISPs at primary site are connected via internal router.

Main ISP at primary site is the default gateway until main ISP is shut down and default route changed to secondary ISP.

We are then unable to connect to our Exchange servers at DR site because internal traffic at primary site (main ISP) is still looking for servers located at DR site. DNS is resolving to the internal IP and not the public IP.

So my question is, if I set up a second site-to-site tunnel from secondary ISP to DR site, will that cause any issues? Because I am exempting the same internal traffic on two different tunnels.


two site to site tunnels exempting same traffic


As you have already mentioned, it's a routing issue.

Why not use dynamic routing for private addresses?

New Member

So I did some more research and I guess there is a way to set up a tunnel with two public IP addresses. One is used as primary and the other is used as secondary and only becomes active when the primary IP stops responding.

So the configuration will look something like: crypto map Outside_map # set peer


Thanks for looking and assisting, everyone!