Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN High-Availability

Head office with one Router (2851) connected to the LAN and several site-to-site VPN on the outside Ethernet to the branche offices.

I need to improve a kind of High-Availability ONLY on the head office.

I added a second Routers (2811) connected with HSRP to the LAN.

I tryed to implement HSRP also on the outside, but the VPNs dont go UP to the "virtual" IP of the HSRP.

What is the best way?

- double VPN, one to each Router - but how to decide priority?

- gre tunnel?

Thank's

2 REPLIES
New Member

Re: VPN High-Availability

Hi,

did you try this guide (HSRP+ SSO+IPSEC VPN) ...

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gt_topht.html

cheers

Michael

Super Bronze

Re: VPN High-Availability

I would suggest "double VPN, one to each Router". As to deciding priority, depends on whether you see any advantage to off-loading some of the existing 2851 VPN load to the new 2811. Probably simpler to make 2851 primary path.

Unsure about your question about GRE tunnels. If you're doing VPN without them, GRE tunnels support traffic that something like native IPSec might not.

229
Views
0
Helpful
2
Replies
CreatePlease to create content