02-05-2019 04:52 PM - edited 03-05-2019 11:14 AM
Hi. I have a scenario with 2 x 4331 routers. Currently they are connected to an ISP and have an IPSEC VPN tunnel working between them. R1 resides in a data center; R2 resides in the branch office. Now we have purchased a WIC for R2 and configured a redundant path via another ISP. I now need to be able to re-establish the VPN to R1 via the WIC should the primary line go down. I am comfortable with how to achieve this on R2 using another crypto map on the 2nd interface, and using an SLA monitor to make this the active route when the primary goes down.
However, I cannot figure out what needs to be done at R1 as it only has a single WAN interface. I can add the new R2 WAN IP peer into the crypto map, but am confused as to how this becomes active as the match address access list will have the same R2 LAN IP range as the original peer map setting. Of course I cannot add another crypto map to the outgoing interface.
I should add that R1 also connects to 3 other remote site IPSEC VPNs.
Can anyone shed any light on this?
The attached generic diagram merely illustrates my topology; ignore any references on it.
02-05-2019 07:25 PM
02-06-2019 02:25 PM
02-06-2019 08:36 PM