I've been racking my brain trying to figure out the best way to provide high availability to a customer who wishes to ditch his p2p leased lines and go with VPN. He currently has a F/R network w/ISDN backup. He wishes to keep the ISDN backup capability in case the internet connections at the headend OR the remote site goes down. I know how to build redundancy at the headend, but what about the remote sites. Any ideas?
See the white paper on my web site on Redundant Routes in IPsec VPNs for some ideas... Just keep in mind that for redundancy to result in improving availability, three critical requirements must be met:
1 - You must be able to detect failure of a path
2 - You must be able to route around a detected failure
3 - Whatever killed the primary path must not also kill the backup path
If you don't have all three, you don't have a solution. Number 1 tends to be the hardest for IPSec VPNs, but #3 is also important (and a major contributer to the cost of the solution).
Good luck and have fun! And remember to be paranoid, because the real world really is out to get you :-)
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :