Buy or Renew
Buy or Renew
Notice: The file download function is disabled. We apologize for the inconvenience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1592
Views
1
Helpful
16
Replies

Single ASA connects to end point via 2 separate IKEv2 s2s tunnels

Youreateapot418
Level 1
Level 1

‎01-12-2025 03:39 AM

Like the title says, I am looking to setup a connection to an endpoint, but, with connectivity via 2 x IKEv2 tunnels (I've only even done single tunnels). 

It appears to me that if we set them up in paralell, we would run into all sorts of NAT issues etc... (all same networks and setting, just 2 independent tunnels). 

Tunnels will be in primary and secondary setup (i.e. only one used at a time).

When searching documents on it, I keep getting dragged into VPN client setups, I want site to site VPN tunnels.

Also, I have been advised this can be done in tunnels groups and crypto maps, but not sure how. 

Any advice or links greatly appreciated. 

atunnels.png

16 Replies 16

Youreateapot418
Level 1
Level 1
In response to Rob Ingram

‎01-12-2025 04:58 AM

That makes sense, and also makes sense as to why I don't see any further options in ASDM. 

Thanks again @Rob Ingram & @MHM Cisco World ... will get onto labbing up the above solutions and see what works best with our setup.

0 Helpful

ccieexpert
VIP
VIP

‎01-12-2025 10:50 AM

if you establish two crypto map sequences, the 2nd one will never get matched, as it is a first match.. like others said you can define 2 peers on the same crypto map and it will detect failure and failover. To be honest, that is a bit clunky, and i would really suggest you take the time to do a VTI based - which is route based to failover. It is not that difficult. Ping here if you need help..

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card