Hi,
I have two routers which have a point-to-point VPN to each other over EFM links. The point-to-point VPN works fine over the EFMs, but each 1841 router also has an autofailover ADSL card. Now the failover works fine for everything other than the point-to-point VPN.
I've copied the relevant part of the configs below for each site.
Site 1:
crypto map VPN local-address FastEthernet0/1
crypto map VPN 1 ipsec-isakmp
 set peer 9.9.9.9
 set transform-set 3des
 match address vpn
interface FastEthernet0/0
 ip address 4.4.4.4 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 10
 full-duplex
 no cdp enable
 crypto map VPN
!
interface FastEthernet0/1
 ip address 8.8.8.8 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
Site 2:
crypto map VPN local-address FastEthernet0/1
crypto map VPN 1 ipsec-isakmp
 set peer 8.8.8.8
 set transform-set 3des
 match address vpn
interface FastEthernet0/0
 ip address 5.5.5.5 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 10
 full-duplex
 no cdp enable
 crypto map VPN
!
interface FastEthernet0/1
 ip address 9.9.9.9 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
The routed block from each router's FastEthernet0/1 interface is also shared by the DSL on each router and if Fe0/0 goes down it automatically starts going over the DSL due to BGP.
I'm pretty sure the VPN however doesn't fail over due to the "Crypto map VPN" being assigned to the FE0/0 interface on each router which is the WAN for the EFM. I thought that using the "crypto map VPN local-address FastEthernet0/1" statement would solve this but unfortunately not.
I've looked for a solution but haven't had any luck. Any suggestions most welcome.
Thanks
Andrew
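
A small audit for the situation described in the post, as an added example that is not part of the original post: it parses an IOS excerpt and reports which WAN interfaces a crypto map is not applied to, since IOS only evaluates a crypto map on interfaces it is bound to. The `Dialer0` DSL interface and the `wan_interfaces` argument are assumptions; the post does not show the DSL interface.

```python
# Constructed sample: the Site 1 excerpt from the post plus a hypothetical DSL
# interface. "Dialer0" is an assumed name; the post does not show that interface.
SAMPLE = """\
crypto map VPN local-address FastEthernet0/1
crypto map VPN 1 ipsec-isakmp
 set peer 9.9.9.9
 match address vpn
interface FastEthernet0/0
 ip address 4.4.4.4 255.255.255.252
 crypto map VPN
!
interface FastEthernet0/1
 ip address 8.8.8.8 255.255.255.252
!
interface Dialer0
 ip nat outside
"""


def parse_crypto_maps(config):
    """Return {map: {"local_address": iface or None, "bound": [ifaces]}}."""
    maps, current = {}, None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "!":
            current = None          # end of a configuration block
        elif tok[0] == "interface" and len(tok) > 1:
            current = tok[1]        # later sub-commands belong to this interface
        elif tok[:2] == ["crypto", "map"] and len(tok) >= 3:
            entry = maps.setdefault(tok[2], {"local_address": None, "bound": []})
            if len(tok) == 3 and current:
                entry["bound"].append(current)      # "crypto map NAME" on an interface
            elif len(tok) == 5 and tok[3] == "local-address":
                entry["local_address"] = tok[4]     # global source-interface setting
    return maps


def uncovered_wan(config, wan_interfaces):
    """Per crypto map, the WAN interfaces it is not applied to."""
    return {name: [i for i in wan_interfaces if i not in m["bound"]]
            for name, m in parse_crypto_maps(config).items()}


if __name__ == "__main__":
    for name, missing in uncovered_wan(SAMPLE, ["FastEthernet0/0", "Dialer0"]).items():
        print(f"crypto map {name}: not applied on {missing or 'none'}")
```
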