jean-marc nguessan
asked on
main and backup vpn configuration
My challenge is to build two VPN configurations on the same Cisco router: one main link and one backup on the same router, so that in case the main link fails we can use the backup link.
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
crypto isakmp key ?????? address 192.x.x.1
crypto isakmp key ?????? address 196.x.x.2
crypto isakmp keepalive 60 periodic
!
crypto map VPN local-address Loopback54
crypto map VPN ipsec-isakmp
description ####VPN####
set peer 192.x.x.1
set security-association lifetime seconds 28800
set transform-set algo_combo6
set pfs group5
match address VPN
crypto map VPN ipsec-isakmp
description ##VPN##
set peer 196.x.x.2
set security-association lifetime seconds 28800
set transform-set algo_combo2
set pfs group2
match address FOR_VPN
!
crypto map VPN ipsec-isakmp
description ####VPNBACKUP####
set peer 196.x.x.2
set security-association lifetime seconds 28800
set transform-set algo_combo6
set pfs group5
match address FOR_VPN_BK
crypto map VPN_BK 20 ipsec-isakmp
description ####VPN_BACKUP####
set peer 196.x.x.2
set security-association lifetime seconds 28800
set transform-set algo_combo2
set pfs group2
match address FOR_VPN_BK
- Do you want automatic fail-over of the traffic path, so that if the primary tunnel fails, traffic automatically passes to the secondary tunnel?
- For this you will need a dynamic routing protocol like EIGRP / OSPF / BGP. And in this case route-based VPN tunnels will work.
Router based VPN
And if this is OK for your setup, then please wait till next week; I am going to upload the 4th part of the article, which has the same setup with the addition of OSPF.
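
A route-based layout of the kind this answer describes, sketched as an added example; it is not from the thread or from the answerer's article. It reuses the question's ISAKMP policy 10, pre-shared keys, keepalive, `Loopback54`, peer addresses and the `algo_combo6` transform set (whose definition the page does not show); the profile names, tunnel numbers, 10.255.54.x tunnel addresses, OSPF process, area and costs are assumptions.

```cisco
! Added example: two static VTI tunnels, OSPF prefers the main one.
! One IPsec profile per tunnel, both using the question's AES-256 / group 5 set.
crypto ipsec profile VTI_MAIN
 set security-association lifetime seconds 28800
 set transform-set algo_combo6
 set pfs group5
!
crypto ipsec profile VTI_BACKUP
 set security-association lifetime seconds 28800
 set transform-set algo_combo6
 set pfs group5
!
! Main tunnel to the first peer: low OSPF cost, so it carries traffic
! whenever its adjacency is up.
interface Tunnel1
 description ####VPN MAIN####
 ip address 10.255.54.1 255.255.255.252
 ip ospf 1 area 0
 ip ospf cost 10
 tunnel source Loopback54
 tunnel mode ipsec ipv4
 tunnel destination 192.x.x.1
 tunnel protection ipsec profile VTI_MAIN
!
! Backup tunnel to the second peer: higher cost, used only when the
! routes learned over Tunnel1 are withdrawn.
interface Tunnel2
 description ####VPN BACKUP####
 ip address 10.255.54.5 255.255.255.252
 ip ospf 1 area 0
 ip ospf cost 100
 tunnel source Loopback54
 tunnel mode ipsec ipv4
 tunnel destination 196.x.x.2
 tunnel protection ipsec profile VTI_BACKUP
!
! Speak OSPF only over the encrypted tunnels, never on WAN or LAN ports.
! The protected LAN still has to be advertised (network statement or
! "ip ospf 1 area 0" on the LAN interface).
router ospf 1
 passive-interface default
 no passive-interface Tunnel1
 no passive-interface Tunnel2
```

With this layout the crypto map and its `match address` ACLs are no longer what selects traffic: whatever the routing table sends into a tunnel interface is encrypted, and failover happens when the OSPF adjacency over `Tunnel1` drops. Each remote peer needs the mirrored tunnel and OSPF configuration.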