Taking a guess, but could you specify multiple destination IP's under the crypto map peer statement?
PIX#(config) crypto map TEST 10 set peer 10.20.30.1 10.20.30.2 PIX#(config) show crypto map Crypto Map: "TEST" interfaces: { } Crypto Map "TEST" 10 ipsec-isakmp Peer = 10.20.30.1 Peer = 10.20.30.2 No matching address list set. Current peer: 10.20.30.1 Security association lifetime: 4608000 kilobytes/28800 seconds PFS (Y/N): N Transform sets={ } I believe that this will first cause it to build to .1, and if it is unavailable to .2 I would be curious as to how your going to handle the internal routing back to the corporate site? I think that would be a stumbling block from what I can tell. Thanks Larry -----Original Message----- From: Edward Sohn [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 11:14 AM To: [EMAIL PROTECTED] Subject: for PIX VPN gurus... [7:58448] I have a requirement in which a single Headquarters PIX needs to VPN over the internet to a single remote site which have two separate PIXes (connected the same site LAN). The goal is to introduce redundancy into the VPN connection to the remote site. Unfortunately, it has to be like this due to the company's hardware limitations. This is not a "classic" PIX failover configuration via the serial method (515, 525, 535), but two separate PIX 506's connected separately to the same LAN. I can't find anywhere on CCO whether this config is supported, and the TAC engineer is also clueless (he even said that he doesn't have a way to LAB it up--can you believe that?. This is Cisco we're talking about here). Anyway, anybody ever done something like this? Will this work? Can somebody test this? BTW, I need to know ASAP, because the customer wants to implement this immediately if it will work. Thanks, Eddie Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58455&t=58448 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]