
Router config for VPN with backup ISP

tahscolony
Level 1

I am not sure how to word it so search can find it, but what I am looking for is how to configure a router to have a primary VPN to an ASA, and if the primary ISP fails, to switch the VPN over to the backup ISP. The ASA side is not an issue (set peer with both addresses); it's the router side I am trying to decipher. Use SLA to fail over routing to the standby circuit, but how do I force the VPN to use that interface and switch back once the other ISP is back in service without any intervention?

Everything I have found so far is for the ASA to have dual ISP, and that is the opposite of what I need. The ASA is set as a failover cluster with BGP taking care of the publics during an event.


Rejohn Cuares
Level 4

Follow this guide:

http://www.cisco.com/c/en/us/support/docs/routers/1700-series-modular-access-routers/71462-rtr-l2l-ipsec-split.html

Then on your crypto map and crypto key you define the second peer.

crypto isakmp key TUNNEL1KEY address PRIMARY-IP
crypto isakmp key TUNNEL2KEY address SECONDARY-IP
!
crypto map mymap 10 ipsec-isakmp
 set peer PRIMARY-IP default
 set peer SECONDARY-IP
 set transform-set myset
 match address 100
!

Please rate replies and mark question as "answered" if applicable.
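
Added example, not part of the reply above or of the linked Cisco guide: one way to set up the router side the question describes, with IP SLA tracking moving the default route to the backup ISP and the reply's crypto map `mymap` applied to both WAN interfaces. The interface names, the documentation-range addresses, the probe target and the timer values are assumptions to replace with your own.

```cisco
! --- Added example: placeholders throughout, not the poster's configuration ---
! Probe the primary ISP next hop (assumed 192.0.2.1) out of the primary interface.
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object follows the probe result.
track 1 ip sla 1 reachability
!
! Primary default route is withdrawn while track 1 is down;
! the floating static (administrative distance 10) then takes over,
! and the primary route returns on its own when the probe recovers.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! Dead peer detection so SAs built over a failed path are torn down
! instead of lingering until lifetime expiry (values are assumptions).
crypto isakmp keepalive 10 3
!
! Same crypto map on both WAN interfaces: the tunnel is negotiated
! from whichever interface the active default route sends traffic out of.
interface GigabitEthernet0/0
 description Primary ISP (assumed name and address)
 ip address 192.0.2.2 255.255.255.252
 crypto map mymap
!
interface GigabitEthernet0/1
 description Backup ISP (assumed name and address)
 ip address 198.51.100.2 255.255.255.252
 crypto map mymap
```

After a failover or failback, `show track 1`, `show ip route 0.0.0.0` and `show crypto isakmp sa` show which path is active and which local address the tunnel was negotiated from.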