I am setting up a redundant L2L VPN tunnel between a PIX and 2 VPN concentrators. Here is the diagram:
VPN Concentrator 1 -------------|
(ip address 1.1.1.1) (Active)   |
                                |-----> Router Internet | PIX (ip address 3.3.3.3)
VPN Concentrator 2 -------------|
(ip address 1.1.1.2) (Standby)
VPN concentrators 1 and 2 are from the same company, with different IP addresses. Both are tunneled to the PIX, where VPN concentrator 1 is active and 2 is standby.
I created a crypto map entry with a higher priority number for the standby VPN tunnel, but it uses the exact same ACL:
crypto ipsec transform-set tSet-3des esp-3des esp-md5-hmac
access-list pix2vpn permit ip 3.3.3.0 255.255.255.0 1.1.1.0 255.255.255.0
# To active VPN concentrator
crypto map cmapVPN 10 ipsec-isakmp
crypto map cmapVPN 10 match address pix2vpn
crypto map cmapVPN 10 set peer 1.1.1.1
crypto map cmapVPN 10 set transform-set tSet-3des
# To standby VPN concentrator
crypto map cmapVPN 20 ipsec-isakmp
crypto map cmapVPN 20 match address pix2vpn
crypto map cmapVPN 20 set peer 1.1.1.2
crypto map cmapVPN 20 set transform-set tSet-3des
My question is: will this create a problem if both VPN concentrators' tunnels are up? Thanks.