Redundant VPN design

pentrix2
Level 1

I am planning to implement a Cisco 2801 and a Cisco 3640 at Corporate. Keep in mind both routers have a T1. I also have over 30 sites which will have Cisco 1801s.

My plan is to implement GLBP at corporate for Internet redundancy and load balancing. How would I do redundancy for the VPN tunnels being terminated at Corporate?

It is my understanding that for GLBP to work I will need IOS 12.2T, but will this IOS release also allow for redundant VPN?

3 Replies

jackko
Level 7

when configuring crypto for the remote sites, you can configure multiple peers for backup.

e.g.

    crypto map mymap 10 ipsec-isakmp
     set peer <2801 public ip>
     set peer <3640 public ip>
     set transform-set myset
     match address 100

at the main site, you may configure the vpn as normal, providing the glbp works as expected.

With this in mind, then wouldn't there be 2 tunnels? One going to the 2801 and 3640? I know I have to configure the tunnels on the 2801, but I also believe I need to duplicate the configuration on the 3640.

This is my config for the GLBP:

Router 2801

    interface fa 0/0
     ip address 10.21.8.32 255.255.255.0
     glbp 10 ip 10.21.8.10 255.255.255.0

Router 3640

    interface fa0/0
     ip address 10.21.8.31 255.255.255.0
     glbp 9 ip 10.21.8.11 255.255.255.0

Will this GLBP configuration make my 2801 the AVG and the 3640 the Standby?

the glbp command seems inaccurate.

i guess both of them should be in the same group, and then apply "priority" command to focus which router to be the primary and secondary.

for more details:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper09186a00801541c8.shtml
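
The consistency check the last reply points at (both routers in one GLBP group), as an added example that is not from the thread: a small Python linter run over the two interface configs as posted and over a constructed correction. The priority values and the `preempt` line in the correction are assumptions, as are the names `parse` and `check_pair`.

```python
import ipaddress
import re

# Configs as posted in the thread (the last reply calls the glbp lines inaccurate).
POSTED = {
    "2801": "interface fa 0/0\n ip address 10.21.8.32 255.255.255.0\n glbp 10 ip 10.21.8.10 255.255.255.0\n",
    "3640": "interface fa0/0\n ip address 10.21.8.31 255.255.255.0\n glbp 9 ip 10.21.8.11 255.255.255.0\n",
}
# Constructed correction: one group, one virtual IP; priority values are assumed.
FIXED = {
    "2801": "interface fa 0/0\n ip address 10.21.8.32 255.255.255.0\n glbp 10 ip 10.21.8.10\n glbp 10 priority 110\n glbp 10 preempt\n",
    "3640": "interface fa0/0\n ip address 10.21.8.31 255.255.255.0\n glbp 10 ip 10.21.8.10\n glbp 10 priority 100\n",
}

def parse(cfg):
    """Extract interface network, GLBP group, virtual IP and priority from one config."""
    addr = re.search(r"^\s*ip address (\S+) (\S+)", cfg, re.M)
    glbp = re.search(r"^\s*glbp (\d+) ip (\S+)(.*)$", cfg, re.M)
    prio = re.search(r"^\s*glbp \d+ priority (\d+)", cfg, re.M)
    return {
        "iface": ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}"),
        "group": int(glbp.group(1)),
        "vip": ipaddress.ip_address(glbp.group(2)),
        "extra": glbp.group(3).strip(),
        "priority": int(prio.group(1)) if prio else 100,  # IOS default priority
    }

def check_pair(configs):
    """Return a list of findings for two routers meant to share one GLBP group."""
    (n1, a), (n2, b) = [(n, parse(c)) for n, c in configs.items()]
    findings = []
    if a["group"] != b["group"]:
        findings.append(f"group mismatch: {n1}={a['group']} {n2}={b['group']}")
    if a["vip"] != b["vip"]:
        findings.append(f"virtual IP mismatch: {n1}={a['vip']} {n2}={b['vip']}")
    for name, r in ((n1, a), (n2, b)):
        if r["vip"] not in r["iface"].network:
            findings.append(f"{name}: virtual IP outside {r['iface'].network}")
        if r["extra"] not in ("", "secondary"):
            findings.append(f"{name}: unexpected argument after virtual IP: {r['extra']}")
    if a["priority"] == b["priority"]:
        findings.append("equal priority: no router is preferred as AVG")
    return findings

if __name__ == "__main__":
    for label, pair in (("posted", POSTED), ("fixed", FIXED)):
        print(label, check_pair(pair) or "consistent")
```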
