Failover and load balance w/ 1700's and vpn 3000

ewattnem · ‎09-12-2005

I have remote sites with Cisco 1711's currently using ezvpn and reverse injection routes to establish a connection with a Cisco 3000 VPN Concentrator in our primary hub.

I have added another Cisco 3000 VPN Concentrator to our secondary hub.

What I would like to do is to setup the 1711's to be load balanced between the two concentrators.

Also, if one concentrator fails then the 1711's will create a tunnel to the second concentrator and use that until the primary is back up.

Can this be done? Any whitepapers that illustrate this? Thanks!

attrgautam · ‎09-13-2005

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_white_paper09186a00801ee19a.shtml#wp1052316

Use DPDs to detect a dead peer so that you can flap over the VPN. The 2 VPN Concentrators can be connected on LAN. Have a Routing Protocol across them to a router where ur LAN will sit and which will choose the best path

ewattnem · ‎09-13-2005

Thanks! The whitepaper was perfect. Does it matter that the VPN concentrators sit on different LANs?

attrgautam · ‎09-14-2005

That should not be a concern at all as RRI and DPD are specific to a destination. However your routing protocol if any you will have to extend it to properly for the fallback