Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
222
Views
0
Helpful
1
Replies

Failover with CVPN3030

Go to solution
richard.werner
Level 1
Level 1

‎06-03-2003 06:30 AM - edited ‎03-09-2019 03:31 AM

Hi all,

is it possible to run two of this CVPN3030 in failover mode, like two Pix`s

with the failover cable. And if so how is it done.

Thanks

Richard

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎06-03-2003 06:12 PM

There's nothing like failover similar to what you have in the PIX, but the 30x0 has two features that work similarly.

Load Balancing:

Set up a group of 2 or more concentrators in a load-balancing format. This group shares a logical IP address that the user actually connects to, abd between them the concentrators will actually connect the user to the least-loaded concentrator. In the event of a failure of one concentrator, all those users connected to just that one are disconnected, but they can reconnect straight away without making any client changes and they'll get re-connected to one of the other concentrators.

Redundancy.

Similar to load balancing where the group of concentrators shares an IP address that the user connects to, but in this case the concentrators decide on a primary and a backup. all users connect to the primary, if that fails they'll get disconnected but again, they can re-connect back in without making any client changes, and they'll get connected to the backup concentrator.

Load balancing is better than redundancy (in my opinion) cause if you have a failure, at least you only lose some of your users, not all of them. With L2L tunnels the switchover in both scenarios is seamless and requires no user-interaction.

Check the Config Guide for details (http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/3_6/config/index.htm).

View solution in original post

0 Helpful
1 Reply 1

Go to solution
gfullage
Cisco Employee
Cisco Employee

‎06-03-2003 06:12 PM

There's nothing like failover similar to what you have in the PIX, but the 30x0 has two features that work similarly.

Load Balancing:

Set up a group of 2 or more concentrators in a load-balancing format. This group shares a logical IP address that the user actually connects to, abd between them the concentrators will actually connect the user to the least-loaded concentrator. In the event of a failure of one concentrator, all those users connected to just that one are disconnected, but they can reconnect straight away without making any client changes and they'll get re-connected to one of the other concentrators.

Redundancy.

Similar to load balancing where the group of concentrators shares an IP address that the user connects to, but in this case the concentrators decide on a primary and a backup. all users connect to the primary, if that fails they'll get disconnected but again, they can re-connect back in without making any client changes, and they'll get connected to the backup concentrator.

Load balancing is better than redundancy (in my opinion) cause if you have a failure, at least you only lose some of your users, not all of them. With L2L tunnels the switchover in both scenarios is seamless and requires no user-interaction.

Check the Config Guide for details (http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/3_6/config/index.htm).

0 Helpful
Customers Also Viewed These Support Documents