Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Failover and load balance w/ 1700's and vpn 3000

I have remote sites with Cisco 1711's currently using ezvpn and reverse injection routes to establish a connection with a Cisco 3000 VPN Concentrator in our primary hub.

I have added another Cisco 3000 VPN Concentrator to our secondary hub.

What I would like to do is to setup the 1711's to be load balanced between the two concentrators.

Also, if one concentrator fails then the 1711's will create a tunnel to the second concentrator and use that until the primary is back up.

Can this be done? Any whitepapers that illustrate this? Thanks!

3 REPLIES
Silver

Re: Failover and load balance w/ 1700's and vpn 3000

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_white_paper09186a00801ee19a.shtml#wp1052316

Use DPDs to detect a dead peer so that you can flap over the VPN. The 2 VPN Concentrators can be connected on LAN. Have a Routing Protocol across them to a router where ur LAN will sit and which will choose the best path

Community Member

Re: Failover and load balance w/ 1700's and vpn 3000

Thanks! The whitepaper was perfect. Does it matter that the VPN concentrators sit on different LANs?

Silver

Re: Failover and load balance w/ 1700's and vpn 3000

That should not be a concern at all as RRI and DPD are specific to a destination. However your routing protocol if any you will have to extend it to properly for the fallback

188
Views
0
Helpful
3
Replies
CreatePlease to create content