Can 3845 with AIM-VPN/SSL-3 support stateful failover

Unanswered Question
Dec 11th, 2007


i have two 3845 router with AIM-VPN/SSL-3 running C3845-ADVIPSERVICESK9-M. i have configured HSRP on this router. Remote site establish tunnel with this HSRP IP. I want to know whether stateful failover can be configured between this two routers.




I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
elias.ortiz Wed, 02/13/2008 - 16:31

Hello Fahim,

Were you able to finally get stateful failover on your 3845? I'm just about to define the purchase of those same routers to do the same for our network and after reading the documentation from cisco it isn't clear if that is possible. The feature guide document says only that its supported on (VAM), VAM2, and AIM-VPN/HPII+, but says nothing about AIM-VPN/SSL-3. I'm not sure if this is because this module didn't existed when the feature guide was written or if it is really not supported. I really won't like to purchase the wrong card or router. Can you tell me how you went on this? Also which IOS feature set did you use for this? I'm thinking advance security should have it but I can't verify because the feature navigator is not updated and doesn't show even support for this feature on the 3800 platform, even when few documentation existent makes reference to this as a possible implementation on 3845 (VPN Direct encapsulation Design Guide)

Please let me know how this issue ended for you.

cisco24x7 Sat, 03/15/2008 - 19:17

I tested the stateful failover on a pair of

Cisco VXR7204 and I can tell you that there

are a lot of constraints with this scenario.

I don't think the code is stable at this point.

If you want to achieve stateful failover,

go with Pix/ASA. You will definitely

get stateful failover with Pix/ASA.

my 2c.

CCIE Security


This Discussion