cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
303
Views
0
Helpful
1
Replies

Two VPN peer IP on single router

arvindsingh1989
Level 1
Level 1

Hi, 

We have two hub sites for customer connectivity, on each site we have ASR1002 router for S2S VPN. Both the sites are working as active active for S2S VPN. 

I'm advertising  the site A peer IP supernet from site B and vise versa, my requirement is to have  auto fallback of  all the tunnel of site A to site B if site A router goes down. 

As per my understanding you can't configure two crypto map on the single interface, In my environment we are using single internet link and loopback interface is source of the VPN. 

Please let me know how I can achieve auto fallback for the VPN without changing the VPN peer ip. 

1 Reply 1

JP Miranda Z
Cisco Employee
Cisco Employee

Hi 

Configuration example:

crypto isakmp key cisco123 address 172.16.172.53
crypto isakmp key cisco123 address 172.16.173.52

crypto map vpn 10 ipsec-isakmp
set peer 172.16.172.53 default
set peer 172.16.173.52
set transform-set myset
match address 101

In this case the tunnel 172.16.172.53 will be the default peer and as soon as this one goes down the 172.16.173.52 will come up.

Hope this info helps!!

Rate if helps you!! 

-JP-