Larry, Good find, however, we are GRE tunneling EIGRP across sites. This is before the PIXes.
Thanks, Ed --- "Roberts, Larry" wrote: > Taking a guess, but could you specify multiple > destination IP's under the > crypto map peer statement? > > PIX#(config) crypto map TEST 10 set peer 10.20.30.1 > 10.20.30.2 > > PIX#(config) show crypto map > Crypto Map: "TEST" interfaces: { } > > Crypto Map "TEST" 10 ipsec-isakmp > Peer = 10.20.30.1 > Peer = 10.20.30.2 > No matching address list set. > Current peer: 10.20.30.1 > Security association lifetime: 4608000 > kilobytes/28800 seconds > PFS (Y/N): N > Transform sets={ } > > I believe that this will first cause it to build to > .1, and if it is > unavailable to .2 > I would be curious as to how your going to handle > the internal routing back > to the corporate site? > I think that would be a stumbling block from what I > can tell. > > > Thanks > > Larry > > > -----Original Message----- > From: Edward Sohn [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 03, 2002 11:14 AM > To: [EMAIL PROTECTED] > Subject: for PIX VPN gurus... [7:58448] > > > I have a requirement in which a single Headquarters > PIX needs to VPN over > the internet to a single remote site which have two > separate PIXes > (connected the same site LAN). The goal is to > introduce redundancy into the > VPN connection to the remote site. Unfortunately, > it has to be like this > due to the company's hardware limitations. > > This is not a "classic" PIX failover configuration > via the serial method > (515, 525, 535), but two separate PIX 506's > connected separately to the same > LAN. > > I can't find anywhere on CCO whether this config is > supported, and the TAC > engineer is also clueless (he even said that he > doesn't have a way to LAB it > up--can you believe that?. This is Cisco we're > talking about here). > > Anyway, anybody ever done something like this? Will > this work? Can > somebody test this? > > BTW, I need to know ASAP, because the customer wants > to implement this > immediately if it will work. > > Thanks, > > Eddie [EMAIL PROTECTED] __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58491&t=58448 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]