I am looking for a product that can load balance point-to-point or branch office IPSEC tunnels. The topology would be small IPSEC boxes at remote sites building tunnels to a central site with 5 or 6 larger IPSEC boxes. The tunnels from the remote sites should be dynamically set up to any one of the central site VPN servers as directed by a load balancing appliance. Can the 11500 series or any other product provide this functionality?
I read your reply and think this is quite interesting for a lot of customers. By thinking about this solution, I stumbled over several IPSec and routing issues which I would like to discuss.
First of all the IPSec issues I see:
In doing IOS SLB you need to have the destination VPN peer configured on every router used as an endpoint (e.g. as a loopback) to avoid problems with AH, right? The other possibility I could think of is to implement this via Server-NAT, so that you have a virtual IPSec endpoint and multiple real endings (each the physical interface IP of the real VPN router), with the problem that you are not allowed to use AH, but this isn't used very often.
Now my routing issue:
How do you ensure that packets destined to a certain location are routed to the correct VPN endpoint if you have a corporate network behind the server farm of VPN routers?
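Why the Server-NAT variant raised in the post above rules out AH, as an added example that is not part of the original thread: AH's integrity check value (ICV) covers the outer IP addresses, while ESP's does not, so a load balancer that rewrites the destination from the virtual IP to a real VPN router invalidates AH only. The key, addresses, SPI and packet body are constructed sample values, and the body stands in for ESP ciphertext.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-integrity-key!!"   # constructed sample key
REMOTE, VIP, REAL = "198.51.100.10", "203.0.113.1", "192.0.2.11"  # constructed addresses

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header; checksum left at 0 because AH zeroes it anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    """RFC 4302: fields that change in transit are zeroed before the ICV is computed."""
    b = bytearray(hdr)
    b[1] = 0                   # DSCP/ECN
    b[6:8] = b"\x00\x00"       # flags + fragment offset
    b[8] = 0                   # TTL
    b[10:12] = b"\x00\x00"     # header checksum
    return bytes(b)

def icv(data):
    """HMAC-SHA-256 truncated to 128 bits (HMAC-SHA-256-128, RFC 4868)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def ah_icv(ip_hdr, ah_fixed, payload):
    # AH covers the immutable IP header fields (both addresses), the AH header
    # with a zeroed ICV field, and the payload.
    return icv(zero_mutable(ip_hdr) + ah_fixed + b"\x00" * 16 + payload)

def esp_icv(ip_hdr, esp_hdr, ciphertext):
    # ESP integrity covers SPI, sequence number and ciphertext; ip_hdr is unused.
    return icv(esp_hdr + ciphertext)

def in_transit(ip_hdr, ttl, new_dst=None):
    """Lower the TTL as routers would; optionally rewrite the destination (server NAT)."""
    b = bytearray(ip_hdr)
    b[8] = ttl
    if new_dst:
        b[16:20] = socket.inet_aton(new_dst)
    return bytes(b)

def demo():
    body = b"constructed inner packet"
    spi_seq = struct.pack("!II", 0x1001, 1)
    ah_fixed = struct.pack("!BBH", 4, 5, 0) + spi_seq   # next hdr, length, reserved
    ah_ip = ipv4_header(REMOTE, VIP, 51, 28 + len(body))
    esp_ip = ipv4_header(REMOTE, VIP, 50, 8 + len(body) + 16)
    ah_sent, esp_sent = ah_icv(ah_ip, ah_fixed, body), esp_icv(esp_ip, spi_seq, body)
    return {
        "ah_routed": ah_icv(in_transit(ah_ip, 60), ah_fixed, body) == ah_sent,
        "ah_natted": ah_icv(in_transit(ah_ip, 60, REAL), ah_fixed, body) == ah_sent,
        "esp_natted": esp_icv(in_transit(esp_ip, 60, REAL), spi_seq, body) == esp_sent,
    }
```

`demo()` reports whether the receiver's recomputed ICV still matches the sender's for a plainly routed AH packet, a NATed AH packet, and a NATed ESP packet.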