Cisco Support Community
Community Member

Creating VPN redundancy at multiple sites

Hi all,


I am working on a design and configuration for a company network where all of the locations have or are going to have dual ISPs for redundancy.  I have everything configured the way I want it and working except for the VPNs.  All of the branches come back to the main location for their servers and run through single VPN tunnels.  But when the addition of the second ISP to each location comes what is the best way to make the VPNs redundant as well.  I have tried to use 2nd peer addresses in crypto maps but it intermittently has issues.  A user on here recommended DMVPN which I have set up in a test with single ISPs and I love it, works great.  But how would I make this DMVPN cloud redundant?  Do I have to just create a second cloud and always have the circuits at all location fail over to the second DMVPN cloud even if technically not all location primary circuits have dropped, or is there a way to make the GRE tunnels redundant through both ISP circuits back to the hub. Any information or thoughts would be greatly appreciated.


Thanks everyone,



Everyone's tags (1)

Hi  When you say VPN I am



When you say VPN I am guessing that it's a Internet L2L VPN , if so then have a look at this



Please rate it 

Community Member

Thank you very much for your

Thank you very much for your reply zulqurnain, this solution worked well when the branch locations had only one ISP, but they are also going to be redundant.  That is where the intermittent issues arose.  That is why someone suggested the DMVPN idea.

Community Member

Hi MYes DMVPN is the best

Hi M

Yes DMVPN is the best answer.

Regards Conwyn

CreatePlease to create content