05-05-2009 12:50 AM - edited 02-21-2020 03:26 AM
Head office with one Router (2851) connected to the LAN and several site-to-site VPN on the outside Ethernet to the branche offices.
I need to improve a kind of High-Availability ONLY on the head office.
I added a second Routers (2811) connected with HSRP to the LAN.
I tryed to implement HSRP also on the outside, but the VPNs dont go UP to the "virtual" IP of the HSRP.
What is the best way?
- double VPN, one to each Router - but how to decide priority?
- gre tunnel?
Thank's
05-05-2009 05:52 AM
Hi,
did you try this guide (HSRP+ SSO+IPSEC VPN) ...
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gt_topht.html
cheers
Michael
05-11-2009 09:52 AM
I would suggest "double VPN, one to each Router". As to deciding priority, depends on whether you see any advantage to off-loading some of the existing 2851 VPN load to the new 2811. Probably simpler to make 2851 primary path.
Unsure about your question about GRE tunnels. If you're doing VPN without them, GRE tunnels support traffic that something like native IPSec might not.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: