
IPSEC VPN

Siddique
Level 1

Siddique_1-1713013675405.png

Requirement: I want to create two IPsec VPNs for failover/redundancy purposes on Router-A and Router-B. If the path through ISP-1 fails, then traffic should automatically be forwarded through ISP-2.

Problem: I have successfully created an IPsec VPN through the ISP-1 network but cannot create a VPN through ISP-2.

Config file attached.

 

13 Replies

! two peers to protect the same traffic
crypto map crypto-map 10 ipsec-isakmp
 set peer 20.0.0.2 40.0.0.2
 set transform-set myset
 match address 100

Remove the below:

crypto map crypto-map 20 ipsec-isakmp
 set peer 40.0.0.2
 set transform-set myset
 match address 100

Do the same for the other end.

MHM

Siddique_0-1713016569672.png

Getting this error.

Siddique_0-1713016907288.png

Is it ok?

Ok

Check failover 

MHM

Siddique_0-1713017812878.png

Site-to-site ping is not successful through ISP-2.

What do you mean, the ping failed?

Setting two peers under the same map is used for failover; when ISP1 is down, the two peers start using ISP2.

It takes some time to detect that the peer is down.

MHM

M02@rt37
VIP

Hello @Siddique 

Static routes on both routers are configured with equal AD of 1 (default value for static routes), which means they have equal priority. To achieve failover/redundancy, you should configure one static route with a lower AD than the other.

Router-A:

ip route 0.0.0.0 0.0.0.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 30.0.0.2 10

 

Router-B:
ip route 0.0.0.0 0.0.0.0 20.0.0.1
ip route 0.0.0.0 0.0.0.0 40.0.0.1 10

Traffic will prefer the route with the lower AD and switch to the backup route if the primary route becomes unavailable.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
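An added example, not part of any post in this thread: a small Python audit that flags the two conditions raised in the replies above, namely several crypto map entries matching the same ACL and several static routes to one prefix sharing the same AD. The sample config is constructed from the addresses quoted in the replies (the attached config file is not on the page), and the parser assumes only the simple `ip route <prefix> <mask> <next-hop> [distance]` form used here.

```python
import re
from collections import defaultdict

# Constructed sample (assumption): Router-A before the changes suggested in the
# replies, with two crypto map entries on ACL 100 and two default routes at AD 1.
SAMPLE_CONFIG = """\
crypto map crypto-map 10 ipsec-isakmp
 set peer 20.0.0.2
 set transform-set myset
 match address 100
crypto map crypto-map 20 ipsec-isakmp
 set peer 40.0.0.2
 set transform-set myset
 match address 100
ip route 0.0.0.0 0.0.0.0 10.0.0.2
ip route 0.0.0.0 0.0.0.0 30.0.0.2
"""

ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)(?: (\d+))?\s*$")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp\s*$")
MATCH_RE = re.compile(r"^\s+match address (\S+)\s*$")

def audit(config):
    """Return a list of findings for the two failover problems in the thread."""
    routes = defaultdict(list)     # (prefix, mask, AD) -> [next hops]
    acl_users = defaultdict(list)  # (map name, ACL) -> [sequence numbers]
    current = None                 # crypto map entry currently being parsed
    for line in config.splitlines():
        if m := ROUTE_RE.match(line):
            prefix, mask, hop, ad = m.groups()
            routes[(prefix, mask, int(ad or 1))].append(hop)  # static AD defaults to 1
            current = None
        elif m := MAP_RE.match(line):
            current = (m.group(1), int(m.group(2)))
        elif current and (m := MATCH_RE.match(line)):
            acl_users[(current[0], m.group(1))].append(current[1])
        elif not line.startswith(" "):
            current = None         # any other top-level line ends the entry
    findings = []
    for (name, acl), seqs in sorted(acl_users.items()):
        if len(seqs) > 1:
            findings.append(f"crypto map {name}: entries {seqs} all match ACL {acl}")
    for (prefix, mask, ad), hops in sorted(routes.items()):
        if len(hops) > 1:
            findings.append(f"route {prefix} {mask}: {hops} share AD {ad}, no primary/backup")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against a config that has a single crypto map entry for ACL 100 and a backup route with distance 10, as suggested in the replies, the audit returns no findings.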

Dear Sir,

Thanks for your reply, but traffic is still not passing through the ISP-3 tunnel.

@Siddique 

ISP 3?

Best regards

Sorry, not ISP-3, it's ISP-2.

Now the tunnels are OK. Checking failover and will let you know here, sir.

Dear sir,

Failover is not happening.

Dear sir,

Failover is not happening.