[c-nsp] VPN Failover
Terry Baranski
tbaranski at mail.com
Wed Sep 10 20:12:52 EDT 2008
You can have multiple "set peer" statements in a given crypto map. Use the
"default" keyword
(http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_ipspp.ht
ml) along with Dead Peer Detection to have redundancy between SITEB and
DRSITE.
-Terry
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nimal
> David Sirimanne
> Sent: Wednesday, September 10, 2008 5:24 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] VPN Failover
>
>
> Hi guys,
>
> We have 2 major offices (SITEA,SITEB)running site-2-site VPN
> connection
> between them. We are now setting up a new DR site (DRSITE) for SITEB
>
> However, our constraint is that SITEB internal network addressing and
> DRSITE internal network addressing has to be exactly the same. If
> internal network addressing for SITEB is 10.10.10.0/24, then internal
> network addressing for DRSITE is also 10.10.10.0/24. As i
> understand, it
> is not possible to for SITEA to have 2 active vpn links to sites with
> the same internal network addressing.
>
> Is it then possible, if SITEA -- vpn -- SITEB fails, that it will
> failover to SITEA -- vpn -- DRSITE?
>
> Hope i explained that properly. Thanks!
>
> Nimal
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list