Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
618
Views
0
Helpful
2
Replies

Cisco 871 EZVPN Client Failover

JohnDFTZCorp
Level 1
Level 1

‎04-06-2010 01:46 PM

I have a Cisco 871 setup as a VPN client to a third-party’s VPN server.  For business reasons this VPN connection is critical and must stay up continuously.  We are about to send off our server/router setup to a hosting center across the country and want to enable high availability for this VPN connection.  I have researched the HSRP and even enabled it on two 871’s with matching configurations and the high availability works great.  The internal interface fails over from the primary to the secondary router with no problem.  However, the problem is the VPN; since we can only connect to the VPN server once, I need some mechanism to automatically disable the primary router’s VPN connection and enable the secondary router’s VPN connection.

I have found documentation on setting up failover using HSRP for VPN servers, but I’ve found no examples doing what we are trying to do.

Any help would be greatly appreciated.

Thanks,

John

Labels:
0 Helpful
2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

‎04-06-2010 02:13 PM

Oops, posted the wrong info...:-)

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to Collin Clark

‎04-06-2010 02:18 PM

There are few examples of complex IPSec failover. There is a great book on this topic though-

http://www.amazon.com/IPSec-VPN-Design-Vijay-Bollapragada/dp/1587051117/ref=sr_1_1?ie=UTF8&s=books&qid=1270588573&sr=8-1

Hope it helps.

0 Helpful
Customers Also Viewed These Support Documents