Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
569
Views
0
Helpful
2
Replies

VPN Concentrator redundancy

Go to solution
Norberto Salgado
Level 1
Level 1

‎11-16-2010 03:17 AM

Hello,

I have some doubts about the VRRP process in VPN concentrators.

1) The Group Shared Address (public and private) it's the same than the Real Ip Addresses of the Master, correct?

For example, if I have configured like this:

Master: public(10.10.10.1); private (20.20.20.1)

Backup: public(10.10.10.2); private (20.20.20.2)

The group shared address should be: public(10.10.10.1) and private(20.20.20.1), correct?

2) If I have already a VPN concentrator configured and I want to had another one for redundancy, and I mantain the same IP address than before for the master, I dont need to change nothing in the neighbours of the VPN concentrator, right?

3) If the Master goes down, the backup will take over the VPN connections, the users will still use the same IP address than before to connect by VPN. However if I want to access to the administration of the backup I should still access to the 20.20.20.2 correct?

Thank you.

Best regards,

Norberto

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎11-16-2010 11:28 PM

Yes, you are absolutely correct with all your 3 statements.

With your second question, if you would like to add another VPN Concentrator for redundancy, you can actually use the configuration of the other VPN Concentrator, and just change the ip address that you assign to the private and public interfaces so it's unique. All that needs to be the same is the group shared addresses, and also the role as a slave instead of master.

Here is more information on VRRP for your reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094490.shtml

Hope that helps.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎11-16-2010 11:28 PM

Yes, you are absolutely correct with all your 3 statements.

With your second question, if you would like to add another VPN Concentrator for redundancy, you can actually use the configuration of the other VPN Concentrator, and just change the ip address that you assign to the private and public interfaces so it's unique. All that needs to be the same is the group shared addresses, and also the role as a slave instead of master.

Here is more information on VRRP for your reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094490.shtml

Hope that helps.

0 Helpful

Go to solution
Norberto Salgado
Level 1
Level 1
In response to Jennifer Halim

‎11-17-2010 01:48 AM

Hi Jennifer,

Thank you for your reply!

Best regards,

Norberto

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents