Solved: Failover VPN -Tunnel

mabdulcisco123 · ‎09-11-2008

HI, Friends

I have a pix515 at hyderabad and other at Delhi both are in vpn-tunnel, i would like to have one more vpn-tunnel configured with different isp provider on both locations along with the current tunnel, This should act like a failover to the first tunnel. Is this possible. ??

Thx

francisco_1 · ‎09-11-2008

on the PIX 515 you can use Static route tracking is used to achieve this redundancy

see this http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml.

Beware that this design is a single point of failure. I would have two seperate firewalls.

Once you setup the multiple internet on the PIX's, then you create the second tunnel. you might have to do NAT on the second tunnel to prevent any conflict between your local/remote subnet in your ipsec interesting traffic.

View solution in original post

francisco_1 · ‎09-11-2008

on the PIX 515 you can use Static route tracking is used to achieve this redundancy

see this http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml.

Beware that this design is a single point of failure. I would have two seperate firewalls.

Once you setup the multiple internet on the PIX's, then you create the second tunnel. you might have to do NAT on the second tunnel to prevent any conflict between your local/remote subnet in your ipsec interesting traffic.