Pix Site to Site backup

Currently I have site to site vpn tunnels set up pix to vpn concentrator 3020. I have another 3020 I would like to match the config on the two and set one up on a different public IP.

Let's say the production one is on 66.177.8.2 and the other on 66.177.8.3. I am not sure how to config my pix so that if 66.177.8.2 goes down the pix will automatically switch to 66.177.8.3. Is this at all possible? They are site to site using preshared keys ipsec-isakmp. Thanks.
jspr

In article , jspr wrote:
:Currently I have site to site vpn tunnels set up pix to vpn concentrator
:3020. I have another 3020 I would like to match the config on the two
:and set one up on a different public IP.

:let say the production one is on 66.177.8.2 and the other on
:66.177.8.3. I am not sure how to config my pix so that if 66.177.8.2
:goes down the pix will automatically switch to 66.177.8.3. Is this at
:all possible?

You can list multiple addresses on the crypto map set peer line, and you can give multiple such lines. The peers will be tried in order.

Note: at least through PIX 6.3, there is no real provision for automatically switching back to the original device when it comes back up. Once the PIX starts using a peer, it keeps using it. [There -are- some circumstances that will cause it to flip back, but the documentation on that operation is not very consistent and it shouldn't be counted on.]

Walter Roberson
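
A PIX 6.x configuration fragment for the backup-peer setup described in the reply above, added here as an illustration and not taken from either poster. The map name `vpnmap`, transform set `myset`, access list 101, the two internal networks and the `<preshared-key>` placeholder are assumptions; only the two peer addresses come from the thread.

```text
: Constructed example. Names, ACL number and networks are hypothetical.
: Traffic to protect: local LAN to the network behind the concentrators.
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

: The same pre-shared key must be defined for BOTH peers, otherwise
: IKE negotiation with the backup concentrator fails when it is tried.
isakmp key <preshared-key> address 66.177.8.2 netmask 255.255.255.255
isakmp key <preshared-key> address 66.177.8.3 netmask 255.255.255.255
isakmp enable outside

crypto ipsec transform-set myset esp-3des esp-sha-hmac

crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address 101
: Peers are tried in the order listed: primary first, then backup.
crypto map vpnmap 10 set peer 66.177.8.2
crypto map vpnmap 10 set peer 66.177.8.3
crypto map vpnmap 10 set transform-set myset
crypto map vpnmap interface outside
```

`show crypto ipsec sa` shows which peer the tunnel is currently built to, which matters here because, as the reply notes, the PIX does not reliably move back to the first peer on its own.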
