Today we are using a pair, for redundancy, of 2800 routers with crypto cards (AIM-VPN/SSL2) for our VPN Lan2Lan tunnels. The routers can terminate in different VRFs (VRF aware IPsec).
But one thing we are having quite an issue with is configuration. We have to remember to put configuration on both devices individually, which we tend to forget from time to time. And as far as I know they are not able to sync configuration. But I could be wrong...
I know that the ASA can, but then we have to have a lot of contexts which is quite expensive, and brings quite an amount of configuration each time we configure a new context.
It is possible to find some devices that can handle VRF aware IPsec as well as single device configuration?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...