VPN High-Availability

Unanswered Question
May 5th, 2009
User Badges:

Head office with one Router (2851) connected to the LAN and several site-to-site VPN on the outside Ethernet to the branche offices.

I need to improve a kind of High-Availability ONLY on the head office.

I added a second Routers (2811) connected with HSRP to the LAN.

I tryed to implement HSRP also on the outside, but the VPNs dont go UP to the "virtual" IP of the HSRP.

What is the best way?

- double VPN, one to each Router - but how to decide priority?

- gre tunnel?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joseph W. Doherty Mon, 05/11/2009 - 09:52
User Badges:
  • Super Bronze, 10000 points or more

I would suggest "double VPN, one to each Router". As to deciding priority, depends on whether you see any advantage to off-loading some of the existing 2851 VPN load to the new 2811. Probably simpler to make 2851 primary path.

Unsure about your question about GRE tunnels. If you're doing VPN without them, GRE tunnels support traffic that something like native IPSec might not.


This Discussion