Link to home
Create AccountLog in
Avatar of lovableurs
lovableursFlag for United States of America

asked on

VPN to Customer Site (Trying to make failover work)


my situation is different here as far as i know, it might not be difficult for you

I have a VPN IPSec setup between my router and the customer Site # 1 cisco ASA5505 which is working fine.

now my customer wants me to setup an failover vpn to site # 2 in case site # 1 goes down.

the following is what i have done and have on my router

crypto map outside_map1 1 match address outside_cryptomap_1
crypto map outside_map1 1 set peer 207.x.x.x 67.x.x.x
crypto map outside_map1 1 set transform-set ESP-3DES-MD5
crypto map outside_map1 interface outside

tunnel-group 207.x.x.x type ipsec-l2l
tunnel-group 207.x.x.x ipsec-attributes
pre-shared-key *

the external ip 207 is working fine but when the router on site #1 goes down it does not fail over to site # 2 whose external ip is 67

am i missing something here that need to be modified

Avatar of asavener
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of lovableurs


Addition Question : Would it fail back to primary once its back  up or do i have to configure something to make it fail back?
I don't know that.