Hello,

I have recently been tasked at my job with trying to configure a one-off. I have a Cisco 2811 that normally has a VPN connection back to our main office via a single interface. My crypto looks like the following:

crypto ipsec client ezvpn TEST

connect auto

group TEST key TEST

mode network-extension

peer 192.168.1.1

username test password test1

xauth userid mode local

I have a SVI configured as follows:

interface Vlan2

description **FW_INSIDE**

ip address 10.1.0.160 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

no autostate

crypto ipsec client ezvpn TEST inside

My Serial interface configuration as follows:

interface Serial0/0/0.1 point-to-point

ip address 172.16.1.5 255.255.255.252

ip verify unicast reverse-path

ip nat outside

ip virtual-reassembly

no cdp enable

frame-relay interface-dlci 500 IETF

crypto ipsec client ezvpn TEST

The configuration works just fine. What I've been asked to do though is giving me problems. Lets say I have multiple Serial interfaces. And based on which one is turned on, or plugged in, it will utilize THAT serial interface to create the VPN tunnel.

So lets say I have Serial0 and Serial1. My company wants it that if Serial1 is plugged in, it will use Serial1 to create the tunnel. If Serial0 is plugged in and Serial0 is unplugged, it will use Serial0.

I hope the above nonsense actually makes sense. Basically, when this device is deployed, they don't want to have to go and do any reconfiguration on the router. They just want the system to be smart enough to know which interface is plugged in, up and active and use that interface to create the tunnel. Any assistance would be greatly appreciated.