VPN Concentrator failover

Unanswered Question
Apr 21st, 2009


i have two cisco 3060vpn concentrators. one is in prodution and the other is in spare. i am planning to install spare vpn concentrator in failover mode so that if the current vpn concentrator goes down then the new vpn concentrator will take the charge.i was planning to configure VRRP on both the vpn concentrator but then i came to know that VRRP only gives redandancy to vpn tunnels. currently there are lot of remote users are logging in my network through vpn profile so i want minimum downtime incase of primary vpn concentrator goes down.please give me appropriate solution for failover setup.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Mon, 04/27/2009 - 12:59

VRRP is configured on the public and private interfaces in this configuration. VRRP applies only to configurations where two or more VPN Concentrators operate in parallel. All participating VPN Concentrators have identical user, group, and LAN-to-LAN settings. If the Master fails, the Backup begins to service traffic formerly handled by the Master. This switchover occurs in 3 to 10 seconds. While IPsec and Point-to-Point Tunnel Protocol (PPTP) client connections are disconnected during this transition, users need only to reconnect without changing the destination address of their connection profile. In a LAN-to-LAN connection, switchover is seamless


This Discussion