10-28-2005 05:19 AM
I am planning to implement a Cisco 2801 and a Cisco 3640 at Corporate. Keep in mind both routers have a T1. I also have over 30 sites which will have Cisco 1801s.
My plans is to implement at corporate GLBP for redundancy for internet and load balancing. How would I do redundancy for the VPN tunnels being terminated at Corporate?
It is to my understanding for GLBP to work I will need IOS 12.2T, but will this IOS release also allow me for redundant VPN?
10-28-2005 07:08 AM
when configuring crypto for the remote sites, you can configure multiple peers for backup.
e.g.
crypto map mymap 10 ipsec-isakmp
set peer <2801 public ip>
set peer <3640 public ip>
set transform-set myset
match address 100
at the main site, you may configure the vpn as normal, providing the glbp works as expected.
10-28-2005 08:23 AM
With this in mind, then wouldn't there be 2 tunnels? One going to the 2801 and 3640? I know I have to configure the tunnels on the 2801, but I also believe I need to duplicate the configuration on the 3640.
This is my config for the GBLP:
Router 2801
interface fa 0/0
ip address 10.21.8.32 255.255.255.0
glbp 10 ip 10.21.8.10 255.255.255.0
Router 3640
interface fa0/0
ip address 10.21.8.31 255.255.255.0
glbp 9 ip 10.21.8.11 255.255.255.0
Will this GLBP configuration make my 2801 as the AVG and the 3640 as the Standby?
10-30-2005 03:29 AM
the glbp command seems inaccurate.
i guess both of them should be in the same group, and then apply "priority" command to focus which router to be the primary and secondary.
for more details:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a00801541c8.shtml
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: