The easiest way is to use "default" keywords with isakmp keepalive.
crypto-map USOFFICE 10 ipsec-isakmp
set peer 1.1.1.1 default <----------PRIMARY link
set peer 1.1.1.1 <-------------------Backup
+ add isakmp keepalive on both end to detect failure at isakmp level. I
normally set it to 10 seconds,
"default' keyword in primary peer is the KEY for failback.
Do it on both end and you should be fine.
HTH
On Mon, Apr 16, 2012 at 9:13 AM, Vishal Rane <vishal.rane_at_hotmail.co.in>wrote:
> ******************************
> Format messed up, reloading again
> ********************************
>
>
> Is it possible to set up Two IPSEC tunnel with different service provider
> &
> Remote Access on a single Router.
>
> Router Model 2811 with VPN Encryption module
>
> (1) Remote Access for Mobile users accessing application from out of
> office
>
> (2) Two IPSEC tunnel from different provider to the same Destination
>
> (3) Internet Access for LAN users
>
>
> Service Provider 1 - > 10MB Internet Pipe , public ip range /29
> Service Provider 2 - > 5 MB Internet Pipe , public ip range /30
>
>
> Trying to achieve
>
>
> (a) Set Service Provider 1 pipe for Primary IPSEC VPN and RA + Backup for
> Internet Access for LAN Users
>
>
> (b) Set Service Provider 2 pipe for Primary Internet Access for LAN Users +
> Backup for IPSEC VPN and RA
>
>
>
> Hope to get some positive response
>
>
> Best Wishes
> Vishal
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Apr 16 2012 - 19:41:14 ART
This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:45 ART