VPN redundancy setup

lquin1978
Level 1

We have a site-to-site VPN connection with a remote network and want to know if there is any way to configure a secondary peer IP address that the VPN would use to connect in case the primary became unavailable.

Accepted Solutions

Marwan ALshawi
VIP Alumni

Configuring Backup peer for VPN tunnel on same crypto map

Problem

You want to use multiple backup peers for a single VPN tunnel.

Solution

Configuring multiple peers is equivalent to providing a fallback list. For each tunnel, the security appliance attempts to negotiate with the first peer in the list.

If that peer does not respond, the security appliance works its way down the list until either a peer responds or there are no more peers in the list.

The ASA should have a crypto map already configured as the primary peer. The secondary peer could be added after the primary one.

This example configuration shows the primary peer as X.X.X.X and backup peer as Y.Y.Y.Y:

ASA(config)#crypto map mymap 10 set peer X.X.X.X Y.Y.Y.Y

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#addbackup

HTH

If helpful rate

Sent from Cisco Technical Support iPhone App
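
Added example (not part of the original post, and not Cisco's code): a small audit over saved ASA configuration text that lists each crypto map entry's peers in fallback order and flags entries with no backup peer. It goes beyond the answer by also checking for a `tunnel-group <ip> type ipsec-l2l` line per peer, on the assumption that each peer authenticates through a tunnel-group named after its IP; the sample config and its addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of ASA config lines (documentation-range IPs, not from the thread).
SAMPLE_CONFIG = """\
crypto map mymap 10 match address VPN-ACL-A
crypto map mymap 10 set peer 203.0.113.10 198.51.100.20
crypto map mymap 20 match address VPN-ACL-B
crypto map mymap 20 set peer 192.0.2.30
crypto map mymap interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
tunnel-group 192.0.2.30 type ipsec-l2l
"""

PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (.+)$")
TG_RE = re.compile(r"^tunnel-group (\S+) type ipsec-l2l$")

def parse(config):
    """Return ({(map, seq): [peers in fallback order]}, {peers with an L2L tunnel-group})."""
    peers, groups = defaultdict(list), set()
    for line in config.splitlines():
        line = line.strip()
        m = PEER_RE.match(line)
        if m:
            # Order matters: the first peer is tried first, the rest are fallbacks.
            peers[(m.group(1), int(m.group(2)))].extend(m.group(3).split())
        m = TG_RE.match(line)
        if m:
            groups.add(m.group(1))
    return dict(peers), groups

def audit(config):
    """List findings per crypto map entry: no backup, duplicate peer, missing tunnel-group."""
    peers, groups = parse(config)
    findings = []
    for (name, seq), plist in sorted(peers.items()):
        if len(plist) < 2:
            findings.append((name, seq, "no backup peer"))
        if len(set(plist)) != len(plist):
            findings.append((name, seq, "duplicate peer in list"))
        for p in dict.fromkeys(plist):
            # Assumption: each peer authenticates via a tunnel-group named after its IP.
            if p not in groups:
                findings.append((name, seq, f"no ipsec-l2l tunnel-group for {p}"))
    return findings

if __name__ == "__main__":
    for name, seq, msg in audit(SAMPLE_CONFIG):
        print(f"crypto map {name} {seq}: {msg}")
```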


2 Replies

Thanks. Two more quick questions: is this supported in v8.2? And do I need a separate tunnel group for the second peer? (I assume I do.)