Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN Concentrator clustering for site-to-site VPN?

Hi all,

I find the clustering of VPN concentrator in configuration guide is only good for client-to-site VPN, is it mean that the clustering option cannot be deployed in site-to-site VPN to provide HA and load-balancing?

Thanks and Regards,

mak

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: VPN Concentrator clustering for site-to-site VPN?

Correct, the feature was only ever intended for SW and HW clients, not L2L tunnels.

For L2L tunnels you can configure the tunnel parameters on two of the concentrators in the cluster and then just have two "set peer" statements under the crypto map of the remote device, those statements point to each of the specific concentrators IP addresses (not the cluster address).

Doesn't give you true load-balancing like the SW clients do, but does give you redundancy.

1 REPLY
Cisco Employee

Re: VPN Concentrator clustering for site-to-site VPN?

Correct, the feature was only ever intended for SW and HW clients, not L2L tunnels.

For L2L tunnels you can configure the tunnel parameters on two of the concentrators in the cluster and then just have two "set peer" statements under the crypto map of the remote device, those statements point to each of the specific concentrators IP addresses (not the cluster address).

Doesn't give you true load-balancing like the SW clients do, but does give you redundancy.

127
Views
0
Helpful
1
Replies
CreatePlease to create content