cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
0
Helpful
4
Replies

S2S VPN Failover

In case we have 2 routers each having a WAN link provided by single ISP we can configure HSRP with SSO for failover of Classic IPSEC solutions . But in a case where there are 2 routers but WAN links are different ( Different service provider ) we wont be able to use HSRP because ip address ( subnet ) will be different and assigning a virtual ip from that is impossible .

In this case what kind of the best possible solution for failover link to function ? SVTI with crypto maps ? because in this case we can make 2 tunnels each with different souce and using IPSLA or dynamic routing change routes for a failover .            

1 Accepted Solution

Accepted Solutions

so you want to route based on the source-IP that some sources go through the tunnel and some don't?

That could be solved with policy-based-routing.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

4 Replies 4

In my opinion VTIs with a dynamic routing-protocol is a very good solution for that problem. But you don't nned the crypto-maps any more for that.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

If i use tunnel protection all data would be sent out to extranet .

so you want to route based on the source-IP that some sources go through the tunnel and some don't?

That could be solved with policy-based-routing.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Yes PBR could be an option . If i go for tunnel protection I would can restrict certain traffic using PBR and if i go for crypto maps I can restrict using the crypto ACL .

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: