12-06-2012 01:17 PM - edited 02-21-2020 06:32 PM
Would we go about setting up an IPsec tunnel the same way as I would over the primary connection? I have a backup Cellular Interface and want an IPsec tunnel to be triggered only when the primary goes down. I have the primary being tracked with IP SLA and tracking statements.
I am on a Cisco router, not an ASA.
Any suggestions on this? Thank you much.
12-07-2012 06:13 AM
Depending on what your existing configuration is, you can do different things.
Crypto maps - use route tracking to point routing via the other interface should the primary one fail (you can use specific routes or the default one, up to you). The peer on the remote end either terminates on a dynamic crypto map or applies two different peers under the same crypto map entries.
VTI/GRE - use separate VRF for second ISP and rely on routing to send traffic to one or another (benefit is that both tunnels can be operational at the same time).
Plenty of others, but best failover is your routing protocol.
M.
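The crypto map option from the reply above, written out as an added example that is not part of the original thread. Interface names, the addresses (documentation ranges), the ACL, map and transform-set names, and the key placeholder are all assumptions.

```cisco
! Constructed example: every address, name and key below is a placeholder.
! Assumed interfaces: primary WAN = GigabitEthernet0/0, backup WAN = Cellular0.

! Probe a target through the primary path and track its reachability
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability

! Pin the probe target to the primary next hop so the probe
! can never succeed over the backup path after a failover
ip route 192.0.2.1 255.255.255.255 198.51.100.1

! Primary default route is withdrawn when track 1 goes down;
! the floating static via cellular (distance 250) then takes over
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
ip route 0.0.0.0 0.0.0.0 Cellular0 250

crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.10
! Dead peer detection so stale SAs are cleared after a path change
crypto isakmp keepalive 10 3

crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel

ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255

crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS-AES256
 match address VPN-TRAFFIC

! Same map on both WAN interfaces. The cellular tunnel is only negotiated
! once routing actually sends VPN-TRAFFIC out Cellular0, i.e. after failover.
interface GigabitEthernet0/0
 crypto map VPN-MAP
interface Cellular0
 crypto map VPN-MAP
```

The remote end has to accept the tunnel from either source address, which is what the reply means by a dynamic crypto map or two peers under the same crypto map entry.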
12-07-2012 09:00 AM
Thank you. I am a little fuzzy on the VRF but won't take long to get with it. This was very helpful. I will post back once I am able to test this. Thank you.