Hi Joe,
Please have a look at the following links (they might give you an idea):

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/white_paper_c11_472859.html
https://supportforums.cisco.com/community/netpro/security/vpn/blog/2011/04/25/ipsec-vpn-redundancy-failover-over-redundant-isp-links
http://blog.ine.com/2008/11/06/ipsec-vpn-high-availability-with-hsrp/

Regards,
Mohamed Gazzaz

> Date: Mon, 14 May 2012 12:57:56 -0400
> From: [email protected]
> To: [email protected]
> Subject: [OSL | CCIE_Security] DPD preemption?
>
> Hello,
>
> I am working on a design trying to accomplish the following: I have
> two ASAs that need to terminate L2L IPSEC tunnels to some remote
> sites but they are in different regions of the world. The idea is
> that a remote site will have a tunnel to the ASA closest to the site,
> and a backup tunnel to the other. I believe I can accomplish this by
> having a crypto map on the remote router with two "set peer" commands
> on the same crypto map line. It looks like dead peer detection will
> detect if the primary link goes down and fail over to the secondary,
> but I don't see a way to make it recover after the primary comes back
> up. Is there a way to accomplish that?
>
> I would want it to fail back over to the primary because the primary
> will be geographically closer and yield better response times.
>
> Is there a better way to do something like this?
>
> --
> Regards,
>
> Joe Astorino
> CCIE #24347
> http://astorinonetworks.com
>
> "He not busy being born is busy dying" - Dylan
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
