Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
238
Views
0
Helpful
2
Replies

VPN Concentrator 3005 - multiple peers

insccisco
Level 1
Level 1

‎05-23-2008 07:26 AM

Hey Guys,

I trying to setup l2l failover and my 3005 in one end can't do multiple peers unless is configured as originate-only.

My other end, an 1841, has 2 ISPs. Basically what I need is this site to always have l2l connectivity to the VPN 3005 side even if ISP1 is down.

Traffic will always be originating from this 1841 branch office, so this is the reason I don't want to make the 3005 originate-only, unless anyone can tell me how to "force" the 3005 to bring up the tunnel in the event that the 1841 side ISP1 goes down and their ISP2 becomes the active one?

What's the best way to accomplish this?

Is there any keep-alive I can setup in the 3005 to always have it ping the 1841 side?

thanks

Labels:
0 Helpful
2 Replies 2

smalkeric
Level 6
Level 6

‎05-29-2008 11:24 AM

You can configure only one LAN-to-LAN connection with each VPN Concentrator (or other secure gateway) peer. You must configure identical basic IPSec parameters on both VPN Concentrators and configure mirror-image private network addresses or network lists.

0 Helpful

srue
Level 7
Level 7
In response to smalkeric

‎05-29-2008 11:45 AM

configure a vpn group on the 3005 and then configure ezvpn client on the remote site to automatically come up. make the remote site network extension mode and allow network extension mode on the 3005.

ez enough?

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml

0 Helpful
Customers Also Viewed These Support Documents