I have a home_office with multi-link internet circuits (2). I have a remote_office with one internal router and two pix firewalls with a dsl router in front of one and another broadband router in front of the other. I currently have an IPSEC tunnel working from the home_office to the DSL router and through the pix inside, works fine. I now have a redundant connection at the remote_office, a broadband router in front of and additional pix. the pix has a routable subnet sent to it and is able to be homed to it's outside interface. i want to set this up for redundancy, i have read that it's possible to have a VPN ipsec tunnel to two peers for redundancy. How?
the home_office has two peers to choose from (dsl router) or (pix behind Broadband)both with the same matching ACL and transfrom-set and isakmp policy. are the two peers set in the same crypto map instance? are they in the same map but differnet instances? i can't seem to get it to work. anyone got an example. thanks!