I need advice from gurus in this forum who have experiences with this
scenario in a production environment:
I have a single VXR7206-a router running site-2-site VPN at my location A.
This VXR7206 router terminates about 20 other site-2-site tunnels. The
VPNs end-point at the remote location are Checkpoint firewalls, Juniper
firewalls, Nortel Contivity, Sonnic Wall, Pix/ASA and Cisco routers.
There are also several GRE/IPSec tunnels from this VXR7206 to other Cisco
routers at the other end. Everything is working fine so far. THERE
ARE NO NAT'ing ON THE VXR7206.
Now, I would like add another VXR7026-b on my end for automatically
redundant IPSec. In other words, if the VXR7206-a router goes down,
IPSec will automatically "stateful-failover" to VXR7206-b router, and
that isakmp does not have to be re-established.
Has anyone run into a similar situation like this and how do you go
about in making your VPN STATEFUL failover?