I am tasked with switching from our 7200s to ASR1002s for IPSEC VPN connections. Currently the 7200s run HSRP and we terminate the VPN to that address, so whichever 7200 is active runs it; when HSRP failover kicks in, the clients drop and re-establish to the other 7200. We want to use ASR1002s to do this, but I cannot terminate the VPN to the HSRP address on the ASR, so I want to set a loopback address that is the same on both ASRs, with the standby one shut down, and an applet will run to see the standby switch to active, and then bring up the loopback on this ASR and also shut down the other loopback on the failed ASR.
Question is, is this even possible? Is the ASR1002 the right device for this? Can it be set to a loopback address? Any help is welcomed.
It is not clear to me whether the VPN you talk about is Remote Access VPN or is Site to Site VPN. Perhaps you can clarify?
I am sure that there will be more involved in the solution than what has been described so far. But I would believe that it is quite possible to use a loopback for the address for VPN.
We would need to know more about your environment to be able to address the question of whether the ASR1002 is the right device for your situation. But I can tell you this - I have a customer who was using 7200 routers to terminate several hundred site to site VPN tunnels. They changed from 7200 to ASR1002 to terminate the site to site tunnels and are very happy with the result. I do not know how similar your environment is to theirs and so can not know whether your experience would be the same positive outcome.