From: Richard Dumoulin (richard.dumoulin@vanco.es)
Date: Fri Mar 05 2004 - 21:19:39 GMT-3
I see several solutions here.
If you're not using GRE then one possible way would be to use DPD (Dead
Peer Detection)or IKE keepalives and configure your crypto map with two "set
peer" commands. This way when your primary link becomes unavailable the
remote site will be able to negociate IPSec with the secondary link.
Another solution would be to configure 2 gre tunnels over both links, with
EIGRP inside. Then just manipulate the delay to prefer one path over the
other,
--Richard
This is all u need,
http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Technologies:IPSec
&viewall=true
-----Mensaje original-----
De: Franck ccie [mailto:cciefrank@hotmail.com]
Enviado el: viernes, 05 de marzo de 2004 21:03
Para: ccielab@groupstudy.com
Asunto: IPsec - loopback
Does anyone tried IPSEC on cisco routers using loopback addresses? We
need this implementation because we have redundant paths and we need
IPSEC to
be always up even if one of the link fails.
Thanks
------------------------------------------------------------------------
MSN Messenger : discutez en direct avec vos amis ! Cliquez-ici
This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:15 GMT-3