Issue with second serial interface disappearing

BigTone82
Level 1

I have a 2911 with two serial interfaces.... The problem is when I plug in the second carrier into the router the first one "drops". By drops I mean I can't access the interface from the outside. It still shows up/up on the router. I have this working on two of my other remote offices and I'm digging through the code pulling my hair out trying to figure out what I'm doing wrong. Any ideas? I've got the route maps in place like below.

route-map sec-nat permit 10

match ip address 100

match interface Serial0/0/0:0

!

route-map prim-nat permit 10

match ip address 100

match interface Serial0/0/1:0

ip nat inside source route-map prim-nat interface Serial0/0/1:0 overload

ip nat inside source route-map sec-nat interface Serial0/0/0:0 overload

5 Replies

Kimberly Adams
Level 3

Anthony,

Can you please post the configuration of your router? Also when the first one "drops" are you still receiving anything on that interface, i.e., routing updates or responses to pings? Are these circuits internet T1's or point-to-point T1's?

Thanks,

Kimberly


Here's the relevant parts of my config.... When the line "drops" I can no longer access it from the outside. I want to be able to ssh into both lines at any given time to check router configs. My PTP vpn tunnels also do not work when this happens. These are two internet T1 circuits.

interface Serial0/0/0:0

description Level 3 CktID

ip address 4.29.115.17 255.255.255.252

ip nat outside

ip virtual-reassembly

encapsulation ppp

crypto map SDM_CMAP_1

!

!

interface Serial0/0/1:0

description Global Crossing CktID xxx

ip address 67.17.161.219 255.255.255.254

ip nat outside

ip virtual-reassembly

encapsulation ppp

crypto map SDM_CMAP_1

!

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source route-map prim-nat interface Serial0/0/1:0 overload

ip nat inside source route-map sec-nat interface Serial0/0/0:0 overload

ip route 0.0.0.0 0.0.0.0 67.17.161.209 180

ip route 0.0.0.0 0.0.0.0 4.29.115.18 190

ip route 128.242.119.39 255.255.255.255 67.17.161.220

ip route 192.168.0.0 255.255.0.0 67.17.161.220

ip route 204.93.111.211 255.255.255.255 67.17.161.220

ip route 204.93.111.215 255.255.255.255 67.17.161.220

The above routes I have all going over the Global Crossing circuit at the moment. If these lines were both active I would have a couple of these tunnels going over the L3 lines.

Anthony

I do not have a good understanding of your environment, and if I understood it better I might be able to give better advice. But based on what I understand so far here are my comments and suggestions.

I see that there are crypto maps on both of the serial interfaces (and in fact it seems to be the same crypto map on both serial interfaces). It might help a bit if we could see how the crypto map is configured.

I see that there are two static default routes configured and that each static default route has an administrative distance configured, which makes them into floating static routes and the Global Crossing route has the better administrative distance. So when both interfaces are active the static default route that is preferred is the Global Crossing route. So no traffic would be sent out the L3 interface. This is probably why those VPN tunnels do not work.

HTH

Rick


Richard - here's my cryptomap.  Basically I want both of these interfaces reachable from the outside.  If I put different administrative distances is that going to kill that possibility?

crypto map SDM_CMAP_1 2 ipsec-isakmp

description tunnel to DC1

set peer A.B.C.D

set transform-set ESP-3DES-SHA1

match address 102

crypto map SDM_CMAP_1 3 ipsec-isakmp

description Tunnel to DC2

set peer W.X.Y.Z

set transform-set ESP-3DES-SHA1

match address 101

Anthony

When you configure different administrative distances then only one of the routes will be in the routing table at any one time. And it would seem that this is what is preventing both peers from working.

Am I correct in assuming that peer A.B.C.D should connect over one of these links and that W.X.Y.Z should connect over the other link? If so then it might help make things work to put in host specific static routes in addition to the static default routes so that A.B.C.D is reached over the correct link and that W.X.Y.Z is reached over the correct link.

HTH

Rick
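
The route selection discussed in this thread, modelled as an added example (not code from any poster): per prefix only the lowest-administrative-distance static route is installed, and a host-specific route pins one peer to the other circuit. The peer addresses 203.0.113.10 and 198.51.100.20 are constructed stand-ins for A.B.C.D and W.X.Y.Z, and sending the DC1 peer over Level 3 is an assumption, since the thread does not say which peer belongs on which link.

```python
import ipaddress

# Static routes taken from the posted config: (prefix, next hop, admin distance).
# A static route with no distance configured has AD 1 on IOS.
POSTED = [
    ("0.0.0.0/0", "67.17.161.209", 180),
    ("0.0.0.0/0", "4.29.115.18", 190),
    ("192.168.0.0/16", "67.17.161.220", 1),
]
# Circuit labels follow the poster's description of each next hop.
CIRCUIT = {"67.17.161.209": "Global Crossing",
           "67.17.161.220": "Global Crossing",
           "4.29.115.18": "Level 3"}
PEER_DC1 = "203.0.113.10"   # constructed stand-in for A.B.C.D
PEER_DC2 = "198.51.100.20"  # constructed stand-in for W.X.Y.Z

def install(routes):
    """Build the routing table: per prefix, only the lowest-AD route is kept.
    Equal-AD routes (which the router would load-share) are not modelled."""
    best = {}
    for prefix, next_hop, ad in routes:
        net = ipaddress.ip_network(prefix)
        if net not in best or ad < best[net][1]:
            best[net] = (next_hop, ad)
    return best

def egress(table, dst):
    """Longest-prefix match over installed routes; returns the circuit used."""
    addr = ipaddress.ip_address(dst)
    net = max((n for n in table if addr in n), key=lambda n: n.prefixlen)
    return CIRCUIT[table[net][0]]

def pin(routes, peer, next_hop):
    """Add a host-specific static route (/32, default AD 1) for one peer."""
    return routes + [(f"{peer}/32", next_hop, 1)]

if __name__ == "__main__":
    tables = {
        "as posted": install(POSTED),
        "DC1 pinned to Level 3 (assumed)": install(pin(POSTED, PEER_DC1, "4.29.115.18")),
        "Global Crossing default withdrawn": install(POSTED[1:]),
    }
    for name, table in tables.items():
        print(name, {p: egress(table, p) for p in (PEER_DC1, PEER_DC2)})
```

With the routes as posted, both peers leave via Global Crossing because the AD 190 default is never installed while the AD 180 default is present; the /32 route moves only the pinned peer.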
