04-05-2015 03:21 AM - edited 03-05-2019 01:10 AM
Hello all,
My Cisco router has redundant Internet links with public IP addresses; one is primary while the other is secondary.
My remote users have the Cisco VPN client software on their laptops with the IP address of the primary link configured.
Now I also want to have the secondary link's public address pre-configured on their laptops, so that if my primary Internet link fails, they are able to use the secondary IP.
Can someone suggest what additional configuration I would require on the Cisco router to have both WAN links used for the VPN client?
Regards
Tejas
04-05-2015 12:41 PM
Hi Tejas,
If you want a redundant link, you will need several configurations on the router:
- Apply the same crypto map to the secondary interface
Example:
crypto map map 65535 ipsec-isakmp dynamic DYNAMIC-MAP
interface gigabitEthernet 0/0
 description Secondary-Interface
 crypto map map
- Make sure to set up IP SLA and backup routes to the secondary interface, so that if the primary link goes down it will fail over to the secondary link.
- Now, in a maintenance window, disable the primary link and test the connection to the secondary to see if it works.
- Now, on the VPN client installed for the end user, make sure to set up a new connection with the same pre-shared key, the same tunnel group name and the secondary IP address:
Please proceed to rate the helpful post and mark it as correct!
David Castro,
Regards
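The IP SLA and backup-route step from the reply above, as an added Cisco IOS configuration example that is not part of the original post. The crypto map name `map` and the secondary interface come from the reply; the primary interface name, all IP addresses (documentation ranges) and the SLA/track numbers are assumptions, and the exact `ip sla` and `track` syntax varies between IOS releases.

```text
! Constructed example: every address below is a documentation-range placeholder.
!   192.0.2.1    = primary ISP next hop (assumed)
!   198.51.100.1 = secondary ISP next hop (assumed)
!   203.0.113.10 = probe target that should be reached through the primary ISP (assumed)
!
! Probe the target every 10 seconds out of the primary interface
ip sla 1
 icmp-echo 203.0.113.10 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object 1 goes down when the probe stops getting replies
track 1 ip sla 1 reachability
!
! Pin the probe target to the primary next hop so the probe never
! succeeds over the backup path and masks a primary failure
ip route 203.0.113.10 255.255.255.255 192.0.2.1
!
! Primary default route, withdrawn from the routing table while track 1 is down
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
!
! Floating backup default route: higher administrative distance, so it is
! installed only after the tracked primary route has been withdrawn
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
!
! The same crypto map is applied to both WAN interfaces
interface GigabitEthernet0/1
 description Primary-Interface
 crypto map map
!
interface GigabitEthernet0/0
 description Secondary-Interface
 crypto map map
```

During the maintenance-window test, `show track 1` and `show ip route 0.0.0.0` show whether the tracked route has been withdrawn and the backup default route installed.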
04-12-2015 11:45 PM
Hi,
I have configured the 2nd Internet line also to accept the VPN connection, but there is an issue.
If I test the 2nd VPN connection from my test desktop, I am able to connect to the VPN via the 2nd line, but I am not able to ping any internal devices, i.e. gateway router, DNS server, mail server, etc.
Is it true that I am facing the problem because my primary line is up and running?
That means unless and until my primary link goes down, I will not be able to connect through the 2nd line.
Regards
Tejas
04-13-2015 05:02 AM
Hi Tejas,
In this case, I would recommend that you test this in a maintenance window (so you may disable the primary unit and test the standby), so you will be able to see if the backup route and the NAT exempt on the secondary interface are taking precedence and working as expected.
Please proceed to rate both posts and mark your question as answered!
David Castro,
Regards,
04-20-2015 10:25 PM
Thanks David
After taking the primary link down, all works fine.
Thank you again
04-21-2015 05:31 AM
Hi Tejas,
It is awesome that it works now!
If you still require assistance let me know!
David Castro,
Regards