Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
849
Views
0
Helpful
1
Replies

site to site VPN peer ip address for failover

vinodk_gupta
Level 1
Level 1

‎12-18-2013 01:45 AM - edited ‎03-11-2019 08:19 PM

Hi,

while creating site to site VPN/IPSec Tunnel on cisco ASA, can we put two peer ip address, one will be primary & other ip wiil be secondary when primary ip will not rechable.

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎12-18-2013 02:46 AM

You are probably not talking about an ASA-FO-system? There you don't need to configure two peers as the ip address will move to the secondary ASA when the primary fails.

If the two peers are individual boxes, then you can specify two peers in the "set peer" statement of your crypto map. If you use Pre-Shared-Keys, then you also have to configure a second tunnel-group for the backup-peer.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card