cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
540
Views
0
Helpful
2
Replies

IPSec stateful failover on IOS routers

cisco24x7
Level 6
Level 6

Need advice from VPN experts in this forum who actually have done

something similar to this:

Current Configuration:

a Single VXR7206 with VAM+2 card for site-2-site VPN. There are

about 10 VPN tunnels on this device. Remote VPN peers range from

Checkpoint Firewall/VPN, Juniper, SonicWall, IOS routers and ASA

appliances. There are about 4 GRE/IPSec tunnels and the remaining

VPN tunnels are standard site-2-site VPNs.

Objective:

Increase redundancy capability by adding another VXR7206 router to

allow for IPSec stateful failover. Must be able to accomodate ALL

remote VPN peers such as Checkpoint, Juniper, SonicWall, IOS routers

and ASA appliances.

Question: What is the best approach to this?

Many thanks.

2 Replies 2

tmiller888
Level 1
Level 1

You would create HSRP groups on both WAN / LAN sides.

Here is a guide

http://www.cisco.com/en/US/prod/collateral/routers/ps5855/white_paper_c11_472858.html

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: