Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1220
Views
0
Helpful
1
Replies

IPSEC VPN High-Availability on Single Router

bforan
Level 1
Level 1

‎11-20-2020 12:27 PM

Hey All,

 

I have seen that you are unable to apply a Crypto-Map to a Tunnel interface or Port-Channel, so I am looking for alternative solutions.  I have a single router terminating IKEv2 tunnels with 1 Public / 1 Private Interface.  I am looking to find a redundant solution where I can use 2 Public / 2 Private.  We are running an ACI environment and when I preform switch upgrades I am rebooting odd/even switches.  When I reboot the switch with the single Public interface I loose my site-to-site VPNs.  I am hoping to find a solution were the VPN traffic remains connected but uses the second link.

 

I have many tunnels from different Vendors terminating to this cisco router and I am not able to have a secondary IP address as a failover IP. 

 

Thanks for your input.

Labels:
0 Helpful
1 Reply 1

MHM Cisco World
VIP
VIP

‎11-20-2020 01:05 PM

config loopback 

config crypto map 

local-address is loopback 

apply this crypto under each public interface you get.

this give you one IPSec SA with dual outgoing interface.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents