Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
234
Views
0
Helpful
1
Replies

VPN3000 and multi-homing (GRE and OSPF)

arnaud.dessauvages
Level 1
Level 1

‎10-19-2006 01:24 PM - edited ‎03-09-2019 04:36 PM

Hi,

We have a cluster of 2 VPN 3020 in the central site.

From this site, we have Lan-to-Lan VPN tunnels with several remote sites (one tunnel per remote site).

We intend to add high availabily to this network architecture.

DMVPN isn't supported on VPN 3000 equipment (if I'm right).

I think the best way to achieve the high availability is still to use a dynamic routing protocol.

In order to try to use such a protocol (OSPF), I wonder if the following setup could be done :

- 2 ISP connections on each site (on the central site as well as on the remote sites)

- 2 lan-to-lan VPN tunnel between the central site and each of the remote site (on 2 different equipments on each of these sites).

- implementing GRE over these tunnels, in order to implement OSPF over these GRE tunnels (GRE needed for OSPF multicast trafic).

Would someone have feedback about such a network architecture ?

Any advices would be much appreciated.

Thanks inadvance for your attention.

Best Regards,

Arnaud

Labels:
0 Helpful
1 Reply 1

pradeepde
Level 5
Level 5

‎10-25-2006 10:32 AM

Yes, it is possible to have an network design. The only thing that should be taken care is not to let two ISP communicate via your network. This has to be taken during Multihoming. But the better choice of protocol is BGP and not OSPF.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents