Crypto Map With 2 x Set VPN Peer Statements


I have a remote site with 2 x routers (HSRP) LAN side and different public IPs on the outside (static IPs) assigned by the carrier. The carrier will not run HSRP on the outside as these are only ADSL connections.

I understand on the PIX you could previously set 2 x peer statements in the Crypto Map, e.g.

    crypto map blah match address 100
    set peer
    set peer

I need a way to fail over my VPN to the second peer in the event that the 1st is unreachable. Anyone done this with an ASA, any examples? I have heard that it is possible but only if one end originates the connection, i.e. not bi-directional.

If this is not possible I need a workaround. I tried a while ago to run unicast OSPF down a VPN tunnel between a router & ASA, having seen a Cisco example using 2 x ASAs; however, I could not get it working and assumed that only ASA to ASA would work.

My only thought at the moment is that I am going to have to land a GRE tunnel on a router behind the firewall but would welcome any other solutions.



Darren Green