Configuring Cisco router for remote VPN client

tejas.dandekar

Hello all,

 

My Cisco router has redundant Internet links with public IP addresses; one is primary while the other is secondary.

My remote users have Cisco VPN client software on their laptops, with the IP address of the primary link configured.

Now I also want to have the secondary link's public address pre-configured on their laptops, so that if my primary Internet link fails, they are able to use the secondary IP.

Can someone suggest what additional configuration would be required on the Cisco router to have both WAN links used for VPN clients?

 

Regards

Tejas

 


Hi Tejas,

 

If you want a redundant link, you will need several configurations on the router:

 

- Apply the same crypto map to the secondary interface

      Example:

            crypto map map 65535 ipsec-isakmp dynamic DYNAMIC-MAP

            interface gigabitEthernet 0/0
              description Secondary-Interface
              crypto map map

- Make sure to set up IP SLA and backup routes to the secondary interface, so if the primary link goes down it will fail over to the secondary link.

- Now, in a maintenance window, disable the primary link and test the connection to the secondary to see if it works.

- Now, on the VPN client installed on the end user's machine, make sure to set up a new connection with the same pre-shared key, the same name of the tunnel group and the secondary IP address:

 

Please proceed to rate and mark as correct the helpful Post!

 

David Castro,

 

Regards
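
The steps in the reply above, put together as one IOS configuration sketch. This is an added example, not part of the original post; the primary interface name, the addresses (documentation ranges), and the SLA and track numbers are assumptions, while the crypto map name and the secondary interface come from the reply.

```cisco
! Constructed example: addresses and the primary interface name are placeholders.
! The dynamic crypto map entry is the one shown in the reply.
crypto map map 65535 ipsec-isakmp dynamic DYNAMIC-MAP
!
interface GigabitEthernet0/1
 description Primary-Interface
 ip address 192.0.2.2 255.255.255.252
 crypto map map
!
interface GigabitEthernet0/0
 description Secondary-Interface
 ip address 198.51.100.2 255.255.255.252
 ! Same crypto map as the primary, so VPN clients can terminate on either link
 crypto map map
!
! IP SLA probe: ping the primary next hop out of the primary interface
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object follows the reachability result of the probe
track 1 ip sla 1 reachability
!
! Primary default route is withdrawn when track 1 goes down
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
! Floating static backup route (administrative distance 10) via the secondary link
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
```

After a failover test, `show track 1`, `show ip route 0.0.0.0` and `show crypto map` confirm which default route is installed and that the crypto map is bound to both interfaces.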

 

Hi,

I have configured the 2nd Internet line also to accept the VPN connection, but there is an issue:

If I test the 2nd VPN connection from my test desktop, I am able to connect to the VPN via the 2nd line, but I am not able to ping any internal devices, i.e. gateway router, DNS server, mail server, etc.

Is it true that I am facing the problem because my primary line is up and running?

That means unless and until my primary link goes down, I will not be able to connect through the 2nd line.

 

Regards

Tejas

Hi Tejas,

 

In this case, I would recommend that you test this in a maintenance window (so you may disable the primary unit and test the standby), so you will be able to see if the backup route and the NAT exempt on the secondary interface are taking precedence and working as expected.

Please proceed to rate both posts and mark your questions as answered!

 

David Castro,

 

Regards,

Thanks David

 

After taking the primary link down, all works fine.

 

Thank you again

Hi Tejas,

 

It is awesome that it works now!

 

If you still require assistance let me know!

 

David Castro,

 

Regards
