03-30-2009 10:44 PM
Hi All,
Please let me know how we can configure S2S to two different VPN peers from the same router when the source and destination encryption domains are also the same. The only difference is the peer IPs.
This is actually for DR.
Thanks in Advance.
Regards,
Suresh Kumar
03-31-2009 10:52 AM
You can't configure this. If you define the same source and destination for both tunnels, the router will always use the crypto that matches first in the VPN parsing, meaning the crypto map with the lower sequence number.
03-31-2009 09:53 PM
Hi Martino,
Thanks for the info. But is there any other way to do this? The main aim is that if the S2S tunnel goes down, the traffic should flow through an alternate one, which is to a different peer IP.
Regards,
Suresh Kumar
04-01-2009 07:47 AM
In your situation, you can use a GRE/IPsec tunnel on both tunnels and let dynamic routing handle the failover situation. Having 2 different peers, both having the same network behind them, you can easily define a GRE/IPsec tunnel to redistribute the same network via OSPF, EIGRP or any routing protocol you need, and make the failover condition happen by setting a preferred path.
04-07-2009 11:43 PM
Do you have any sample configuration for the above solution?
04-08-2009 06:03 AM
There is no exact sample but the links below should help you a bit more:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/2_p2pGRE_Phase2.html
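Added example, not part of the original thread or the linked Cisco documents: a sketch of the GRE/IPsec approach described above, with one protected tunnel per peer and OSPF cost selecting the preferred path. All addresses, key strings, interface names, profile names and algorithm choices are assumptions made for illustration.

```cisco
! Constructed example: all addresses, keys and names are placeholders.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_KEY_A address 198.51.100.1
crypto isakmp key REPLACE_WITH_KEY_B address 203.0.113.1
! Dead peer detection so SAs to an unreachable peer are torn down
crypto isakmp keepalive 10 3
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
! One IPsec profile per tunnel; both tunnels use the same source interface
crypto ipsec profile PROT-PRIMARY
 set transform-set GRE-TS
crypto ipsec profile PROT-DR
 set transform-set GRE-TS
!
interface Tunnel0
 description GRE/IPsec to primary peer (preferred path)
 ip address 172.16.0.1 255.255.255.252
 ip ospf cost 10
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile PROT-PRIMARY
!
interface Tunnel1
 description GRE/IPsec to DR peer (backup path)
 ip address 172.16.0.5 255.255.255.252
 ip ospf cost 100
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile PROT-DR
!
router ospf 1
 ! Tunnel subnets plus the local LAN; each remote peer advertises the shared network
 network 172.16.0.0 0.0.0.3 area 0
 network 172.16.0.4 0.0.0.3 area 0
 network 10.1.0.0 0.0.255.255 area 0
```

The lower-cost route through Tunnel0 is used whenever the OSPF adjacency over it is up, so traffic uses Tunnel1 only while the primary adjacency is down. Keep the peers' public addresses out of the routing process running over the tunnels, otherwise the tunnel destination can be learned through the tunnel itself.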
04-01-2009 11:28 AM
Suresh
An alternative to Ivan's approach is that you can specify multiple peers in the same crypto map entry so if the first peer goes down the second will be used. Basically the first peer to respond will be used -
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s2.html#wp1046908
Jon
04-01-2009 11:44 AM
This however causes a bit of downtime, unlike GRE :)
04-08-2009 11:39 PM
When we configure multiple peer IPs, if the first peer is not reachable then it will take the second peer IP and establish the S2S VPN.
Is there any way we can configure auto rollback to the first peer IP?