Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
308
Views
1
Helpful
1
Replies

Redundant IPSec VPN

mdieken011
Level 1
Level 1

‎05-25-2023 12:59 PM

What would be the best way to setup a redundant tunnel on an ASA?  Something with 2 crypto maps that go to the same IP?

This would be for failover so if the primary is down the data is routed to the seconday?

There would be to 2 different devices on the peer end.

crypto map outside_map 130

crypto map outside_map 130 set peer 3.3.3.3

crypto map outside_map 140

crypto map outside_map 140 set peer 4.4.4.4

 

 

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎05-25-2023 01:04 PM

@mdieken011 you can set 2 peer IP addresses, when the first peer fails the next peer IP address will be attempted.

crypto map CMAP 1 set peer 1.1.1.1 2.2.2.1

This guide seems to cover your scenario.

Customers Also Viewed These Support Documents