Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1023
Views
1
Helpful
13
Replies

IPSEC VPN

Siddique
Level 1
Level 1

‎04-13-2024 06:21 AM

Siddique_1-1713013675405.png

Requirement : I want to create 2 ipsec VPN for fail-over / redundancy purpose on Router-A and Router-B. If the path through ISP-1 fail then traffic should automatically forward through ISP-2.

problem: I have successfully created ipsec VPN through ISP-1 network but cannot create VPN through ISP-2.

config file attached.

 

Labels:
Preview file
2 KB
0 Helpful
13 Replies 13

MHM Cisco World
VIP
VIP

‎04-13-2024 06:28 AM 

crypto map crypto-map 10 ipsec-isakmp 
 set peer 20.0.0.2 40.0.0.2 <- two peer to protect same traffic 
 set transform-set myset 
 match address 100

Remove below 
crypto map crypto-map 20 ipsec-isakmp 
 set peer 40.0.0.2
 set transform-set myset 
 match address 100

Do same for other end 

MHM

0 Helpful

Siddique
Level 1
Level 1
In response to MHM Cisco World

‎04-13-2024 06:56 AM

Siddique_0-1713016569672.png

getting this error

0 Helpful

Siddique
Level 1
Level 1
In response to Siddique

‎04-13-2024 07:02 AM

Siddique_0-1713016907288.png

Is it ok?

MHM Cisco World
VIP
VIP
In response to Siddique

‎04-13-2024 07:05 AM

Ok

Check failover 

MHM

0 Helpful

Siddique
Level 1
Level 1
In response to MHM Cisco World

‎04-13-2024 07:17 AM

Siddique_0-1713017812878.png

site to site ping not successful through isp-2

0 Helpful

MHM Cisco World
VIP
VIP
In response to Siddique

‎04-13-2024 07:35 AM

What you meaning ping is failed?

Set two peer under same map is use for failover' isp1 is down the two peer start use isp2.

It take some time to detect peer down

MHM

0 Helpful

M02@rt37
VIP
VIP

‎04-13-2024 07:31 AM - edited ‎04-13-2024 07:31 AM

Hello @Siddique 

Static routes on both routers are configured with equal AD of 1 (default value for static routes), which means they have equal priority. To achieve failover/redundancy, you should configure one static route with a lower AD than the other.

Router-A:

ip route 0.0.0.0 0.0.0.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 30.0.0.2 10

 

Router-B:
ip route 0.0.0.0 0.0.0.0 20.0.0.1
ip route 0.0.0.0 0.0.0.0 40.0.0.1 10

Traffic will prefer the route with the lower AD and switch to the backup route if the primary route becomes unavailable.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Siddique
Level 1
Level 1
In response to M02@rt37

‎04-13-2024 07:42 AM

Dear Sir,

Thanks for your reply. but still traffic not passing through isp-3 tunnel.

0 Helpful

M02@rt37
VIP
VIP
In response to Siddique

‎04-13-2024 07:44 AM

@Siddique 

ISP 3 ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Siddique
Level 1
Level 1
In response to M02@rt37

‎04-13-2024 12:15 PM

sorry not ISP-3, Its ISP-2.  

Now tunnel are ok. checking fail-over and let you know here sir.

0 Helpful

Siddique
Level 1
Level 1
In response to Siddique

‎04-13-2024 01:02 PM

dear sir,

Fail-over not happining

0 Helpful

Siddique
Level 1
Level 1
In response to M02@rt37

‎04-13-2024 01:08 PM

dear sir

fail-over not happining

0 Helpful

MHM Cisco World
VIP
VIP

‎04-26-2024 12:26 PM

still not solve it ?????????

MHM

0 Helpful
Customers Also Viewed These Support Documents