05-23-2008 07:26 AM
Hey Guys,
I'm trying to set up l2l failover, and my 3005 on one end can't do multiple peers unless it is configured as originate-only.
My other end, an 1841, has 2 ISPs. Basically what I need is this site to always have l2l connectivity to the VPN 3005 side even if ISP1 is down.
Traffic will always be originating from this 1841 branch office, so this is the reason I don't want to make the 3005 originate-only, unless anyone can tell me how to "force" the 3005 to bring up the tunnel in the event that the 1841 side ISP1 goes down and their ISP2 becomes the active one?
What's the best way to accomplish this?
Is there any keep-alive I can set up on the 3005 to always have it ping the 1841 side?
thanks
05-29-2008 11:24 AM
You can configure only one LAN-to-LAN connection with each VPN Concentrator (or other secure gateway) peer. You must configure identical basic IPSec parameters on both VPN Concentrators and configure mirror-image private network addresses or network lists.
05-29-2008 11:45 AM
Configure a VPN group on the 3005 and then configure the EzVPN client on the remote site to come up automatically. Make the remote site network extension mode and allow network extension mode on the 3005.
ez enough?
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml