I have 2 site to setup IPSec VPN, both sites have 2 Internet connections.One site is ASA8.0, and the other is PIX7.2.
I want to setup 2 VPN tunnel to backup each other, the route part I think I can use oject tracking to do the redundacy, but on the VPN configuration, I am confusing about the following 2 different setup:
1.
#Primary
crypto map FWMAP 10 match address 101
crypto map FWMAP 10 set peer 192.168.6.2
#Secondary for backup
crypto map FWMAP 20 match address 101
crypto map FWMAP 20 set peer 192.168.6.5
2.
crypto map xxxmap 10 ipsec-isakmp
crypto map xxxmap 10 match address A_2_B
#Primary peer
crypto map xxxmap 10 set peer 10.1.1.1 !--ISP1
#Secondaru peer for backup
crypto map xxxmap 10 set peer 192.168.1.1 !--ISP2
It seems bother configuration should work? What is the differnce between them?
Not quite how the multi set peer command work, and configuration guide didn't explain that too.