Could someone confirm the following points for me as we have had conflicting information on some of these issues :
Is it possible to use 2x 3005 units for load balancing between them (without any other units involved)? There has been some suggestion that you need a bigger unit (3015+) to actually 'manage' these devices in this sort of configuration.
Is it true that the load-balancing is achieved by having the client connect to a virtual IP address and then being connected to the relevant unit (is this done by tunnels or processor load or something else ?) ? If this is the case, where is this virtual IP address held ? If either of the units failed, would this virtual IP address always be available to redirect clients to the remaining working box (up to it's capacity) ?
Is the only method of 'redundancy' or 'failover' etc. to have a dedicated unit idle, shadowing an existing unit ?
Is it true that site-site clients (using an 837 ADSL router) cannot use the virtual IP address and have to be directed specifically to one of the units and consequently would not be able to connect until that unit was replaced in the event of it failing ?
Essentially, we having a VPN requirement for slightly more tunnels than a single 3005 could support, so are proposing using 2 3005 in a load balanced configuration. Rather than a 3030. However, we may not be prepared to duplicate the equipment for full failover capability (if this is what is required). We recognise there might be a possibility the should one unit fail, using the load balancing virtual IP address, when clients re-connect, they will be connected to the only remaining unit (is this possible ?). We are not sure how this would apply to site-site connections though (up to 30 sites).
Firstly, you can have two 3005 with load balancing. Even for your second question, if you have have more no. of tunnels that could be handled by 3005, you can use the load balancing by making use of 2 of those.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :