Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1369
Views
0
Helpful
2
Replies

EzVPN with Dial-BackUp for connecting to same peer IP

ROBERTO GIANA
Level 4
Level 4

‎12-13-2010 07:45 AM

Hi

Has anybody managed to build a EzVPN configuration which connects to the same peer IP by using an ethernet as outside interface and the GSM as Dail-BackUp interface as outside? I just want to have internet redundancy at the spoke's location. So when the local internet access on the outside ethernet interface fails I want to use the cellular interface for backup.

I found the EzVPN backup configuration option. But this works only with different peer IPs at the hub site. But as I have there redundant ASAs which do not offer a second IP to connect to I can not use it.

Labels:
0 Helpful
2 Replies 2

Herbert Baerten
Cisco Employee
Cisco Employee

‎12-14-2010 07:25 AM

Hi,

I believe this example may be of some help:

http://www.cisco.com/en/US/docs/routers/access/1900/software/configuration/guide/backup_ps10538_TSD_Products_Configuration_Guide_Chapter.html#wp1054727

(in case the link does not take you to the relevant part directly, look for "Cellular Wireless Modem as Backup with NAT and IPSec Configuration ".

It  seems to be missing an essential part, i.e. the actual ezvpn client  config, but I guess you already have that part (and so you can just copy  it for the second instance - or maybe you can even re-use the first one  on the cellular interface).

hth

Herbert

0 Helpful

ROBERTO GIANA
Level 4
Level 4
In response to Herbert Baerten

‎12-20-2010 06:07 AM

Hi Herbert

I've found similar examples. One problem I had was that the router didn't let me configure two EZVPN profiles to the same peer IP. Somehow magically on the second try it worked. May the unholy Cisco spirits from the underworld now why it works now, but it works. ;-)

Another part of the magic trick is to define the GSM EZVPN profile as the backup of the primary LAN EZVPN profile. I had to use "backup BACKUPPROFILE track 1" in the primary EZVPN profile to indicate that the primary profile has to use BACKUPPROFILE as the backup with the tracker #1 as trigger.

I used this example here and adopted it to use the GSM dialer instead of the POTS dialer.

http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6586/ps6635/prod_white_paper0900aecd80393720_ps6659_Products_White_Paper.html

Kind regards

Roberto

0 Helpful
Customers Also Viewed These Support Documents