cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
684
Views
0
Helpful
2
Replies

VPN High-Availability

battanc
Level 1
Level 1

Head office with one Router (2851) connected to the LAN and several site-to-site VPN on the outside Ethernet to the branche offices.

I need to improve a kind of High-Availability ONLY on the head office.

I added a second Routers (2811) connected with HSRP to the LAN.

I tryed to implement HSRP also on the outside, but the VPNs dont go UP to the "virtual" IP of the HSRP.

What is the best way?

- double VPN, one to each Router - but how to decide priority?

- gre tunnel?

Thank's

2 Replies 2

mdombek_biz
Level 1
Level 1

Hi,

did you try this guide (HSRP+ SSO+IPSEC VPN) ...

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gt_topht.html

cheers

Michael

Joseph W. Doherty
Hall of Fame
Hall of Fame

I would suggest "double VPN, one to each Router". As to deciding priority, depends on whether you see any advantage to off-loading some of the existing 2851 VPN load to the new 2811. Probably simpler to make 2851 primary path.

Unsure about your question about GRE tunnels. If you're doing VPN without them, GRE tunnels support traffic that something like native IPSec might not.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: