Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Concentrator redundancy

Hello,

I have some doubts about the VRRP process in VPN concentrators.

1) The Group Shared Address (public and private) it's the same than the Real Ip Addresses of the Master, correct?

For example, if I have configured like this:

Master: public(10.10.10.1); private (20.20.20.1)

Backup: public(10.10.10.2); private (20.20.20.2)

The group shared address should be: public(10.10.10.1) and private(20.20.20.1), correct?

2) If I have already a VPN concentrator configured and I want to had another one for redundancy, and I mantain the same IP address than before for the master, I dont need to change nothing in the neighbours of the VPN concentrator, right?

3) If the Master goes down, the backup will take over the VPN connections, the users will still use the same IP address than before to connect by VPN. However if I want to access to the administration of the backup I should still access to the 20.20.20.2 correct?

Thank you.

Best regards,

Norberto

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: VPN Concentrator redundancy

Yes, you are absolutely correct with all your 3 statements.

With your second question, if you would like to add another VPN Concentrator for redundancy, you can actually use the configuration of the other VPN Concentrator, and just change the ip address that you assign to the private and public interfaces so it's unique. All that needs to be the same is the group shared addresses, and also the role as a slave instead of master.

Here is more information on VRRP for your reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094490.shtml

Hope that helps.

2 REPLIES
Cisco Employee

Re: VPN Concentrator redundancy

Yes, you are absolutely correct with all your 3 statements.

With your second question, if you would like to add another VPN Concentrator for redundancy, you can actually use the configuration of the other VPN Concentrator, and just change the ip address that you assign to the private and public interfaces so it's unique. All that needs to be the same is the group shared addresses, and also the role as a slave instead of master.

Here is more information on VRRP for your reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094490.shtml

Hope that helps.

New Member

Re: VPN Concentrator redundancy

Hi Jennifer,

Thank you for your reply!

Best regards,

Norberto

416
Views
0
Helpful
2
Replies
CreatePlease login to create content