VPN 3005 Virtual clustering question

JUSTIN LOUCKS · ‎08-08-2003

I recently purchased a second VPN 3005 Concentrator and was in the process of configuring it with my existing unit as a Virtual cluster. Upon setting this up, I realized that only the public interface is configured with a virtual IP address. My question involves setting up routing for the sessions that terminate on these VPN Concentrators. We have 30 locations running site-to-site VPN tunnels to these units and they will effectively be load-balanced between the two once they are configured and in-place. What is the best way to route traffic for remote office subnets that are connected by the VPN tunnels when they could be on either of the two boxes. Do the Concentrators support EIGRP or is it just RIP? We are using static routes currently so there are currently no routing protocols in-place for this process. Any feedback or assistance would be greatly appreciated.

Thank you,

Justin Loucks

JUSTIN LOUCKS · ‎08-11-2003

I attempted to put my two new VPN 3005 Concentrators in-place this weekend and ran into a problem. The first was that I could not get any sites connected to these units. I had backed up the config on my current 3005 and then restored it to the new units using TFTP. Once this was done, I modified the names and IP addresses of the new units to ensure there wasn't a conflict and I verified that all of the site-to-site IPSec tunnel definitions had come across. However, when I put them into production none of the remote sites connected and the event logs did not even show any attempts to connect. Does anyone have any ideas as to why this would have happened? Are there things besides the passwords on the accounts that are not contained in the config file and must be manually transferred?

Any assistance/recommendations would be appreciated.

Thank you,

Justin Loucks