Just a quick checklist to ensure you have performed when you wish to have a VPN tunnel that you wish to terminate on a secondary internet uplink.
In my case there were two internet uplinks - one active and another standby - being controlled by an SLA monitor / static routing.
- Ensure that ISAKMP has been enabled on the secondary interface.
- Ensure you have a static route in place to route the remote VPN subnet / traffic out of the secondary interface: route outsideSecondary 10.11.0.0 255.255.0.0 <secondary-int-default-gw>
- Ensure you have a static route in place that will route VPN traffic destined for the other side's endpoint e.g. route outsideSecondary 80.70.60.50 255.255.255.255 <secondary-int-default-gw>
No comments:
Post a Comment