High Availability for IPsec client connections

Unanswered Question
Dec 18th, 2009

Hi All,


I am working on this client, which has two Internet connections using two ISPs. They host about 20 public servers.

I have two routers facing the Internet, configured and working fine with HSRP on the LAN interface, which connects through a pair of ASAs in failover and then through a switch to the internal servers. These servers are public servers, all of which have two NICs with two NAT'd public addresses (one for each Internet connection).


In other words, the public servers can be accessed via either Internet connection.

Now, what we want to do is the following....


We want outside users to be able to access the servers via either Internet connection using HSRP statefully, so that they don't notice any interruption in the connection if something happens with either Internet connection.


We also have VPN tunnels terminating on the Primary Router's WAN public IP address, but being redirected to the ASA (the IPsec tunnel actually terminates on the ASAs)...

We want to enable High Availability for the remote VPN clients, so that the VPN clients can access the servers via either Internet connection without any disruption.

I understand that I can enable HSRP on the outside interface on the routers with SSO, so that they provide a stateful tunnel.

Each router is going to have two interfaces to each Internet connection.


Is this going to work fine?

Can someone share a link or configuration example?

Are there any other things to take into account?


Thank you All!


Federico.
