site to site ipsec vpn failover

mistryj · ‎10-13-2012

Hello,

I have a single cisco 3925 router and using two interfaces to create vpn tunnels to remote sites. Interface gig 0/0 to site A and gig 0/1 to site B.

How can I configure the interfaces to failover when a tunnel fails to Site A ?

Site A is Primary and Site B the Backup.

I currently have a floating static to route between the two sites with Site B having a higher AD.

Any ideas ?

ALIAOF_ · ‎10-15-2012

So just to clarify this, you hvae Site A with a 3925 router and two ISP's one going ot gi0/0 and one going to gi0/1.

Now you have a VPN from gi0/0 to Site A and VPN from gi0/1 to Site B

You want to all traffic going to Site A to failover to the VPN to Site B so your users will be accessing Site A via Site B incase of a failure?

If that is the case why not setup a second VPN to Site A via gi0/1 (your second ISP). Use EIGRP or OSPF ? If you have routers on both ends use VTI tunnels

bejoybkn1 · ‎10-20-2012

Hello,

I ve done the similar setup but on ASA firewall

But it should work seemlessly on router as well if you have setup ip sla for the isp change

Apply the same crypto map on both gi0/0 and gi0/1

inter gi0/0

crypto map

inter gi0/1

crypto map

bejoy

bejoybkn.blogspot.in