
Concentrator 3030 - Redundancy?

ovillaci
Level 1

I am looking for a solution for redundancy on the configuration below.

We have 2 Concentrators 3030, which we are planning to deploy one in NY and the second in PH.

Both concentrators will have the same type of connections.

New York - Concentrator # 1

Public interface ip address : 10.10.10.2 ------outside on the internet

Private interface ip address: 172.30.100.2 -----> next hop is one of the PIX interface.

New York - PIX configuration

outside interface = is facing the internet

Inside interface = is on lan.

Third interface = is the one where the private interface of the Concentrator will be connected.

Philadelphia - Concentrator # 2

Public interface ip address : 20.20.20.2 --- outside on the internet

Private interface ip address: 172.30.200.2 -----> next hop is one of the PIX interface.

Philadelphia - PIX configuration

outside interface = is facing the internet

Inside interface = is on lan.

Third interface = is the one where the private interface of the Concentrator will be connected.

Will failover work in this configuration? So when New York's concentrator loses connection to the internet, the remote HW clients' (PIX 501) tunnels will fail over to Philadelphia's concentrator.

New York and Philadelphia are part of the same WAN infrastructure, where we have many other frame connections, for example San Francisco, Los Angeles, Chicago, etc.

So, when HW clients fail over to either of the NY or PH concentrators, they should be able to see any network within our frame-relay network.

4 Replies

HEATH FREEL
Level 1

It should work but you would probably have to be running a routing protocol. OSPF is supported on the concentrators and if you also run it on your wan routers you should be able to route back to the remotes.

You'll really have to test it though.

Good luck.

That's where the problem is: between the NY concentrator and the internal router is a PIX firewall, and the same goes for the PH site. I think that the PIX does not allow any routing protocols to pass.

I understand that the PIX poses a problem. You may try running OSPF in a GRE tunnel over the PIX. I have seen docs on it but have not had a chance to test.

dvarana
Level 1

Hello,

Don't know if this will help, but we have successfully used IKE failovers with PIX units to various Cisco gear; however, we are using a dynamic crypto map in a hub and spoke configuration as opposed to static tunnels (same concepts though).

If you have on the two PIXes:

crypto map MAP 10 set peer NYC

crypto map MAP 10 set peer PH

And IKE keepalives set, then if the NYC tunnel fails it will try PH. The only trick here is keeping the routes updated. You have two ways that are decent. Use the reverse route injection on the Concentrators and redistribute from RIP or OSPF into whatever, or use a Cisco IOS box that supports reverse route injection into EIGRP and use a floating static on the NYC side. We use a floating static route to the Concentrator (metric 240) and then use RRI on 75xx redistributed in EIGRP, so once the Concentrator no longer has the SA the EIGRP routes are preferred.

It may not be an exact configuration, but the ideas are the same.

PIXes and Cisco IOS handle IKE peers fine, but I am looking for the same with Linksys, Netopia, Netgear, blah, blah, which don't respond the same for us.
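
The route-selection behaviour that the floating-static plus RRI approach in the reply above relies on, as an added example that is not part of the original thread or any Cisco code. It models a WAN router's table with longest-prefix match first and administrative distance second; the remote subnet, the next-hop names and the EIGRP external distance of 170 are assumptions, and only the value 240 comes from the post.

```python
import ipaddress

# Administrative distances: 240 is the value from the post; 170 is assumed
# (IOS default for routes redistributed into EIGRP, i.e. EIGRP external).
AD_EIGRP_EXTERNAL = 170
AD_FLOATING_STATIC = 240

REMOTE_LAN = "192.168.50.0/24"  # constructed remote-site subnet (hypothetical)


class Rib:
    """Minimal routing table: longest prefix wins, then lowest distance."""

    def __init__(self):
        self.routes = []  # list of (network, distance, next_hop)

    def add(self, prefix, distance, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), distance, next_hop))

    def withdraw(self, next_hop):
        self.routes = [r for r in self.routes if r[2] != next_hop]

    def lookup(self, dest):
        addr = ipaddress.ip_address(dest)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None
        # Prefix length is compared before administrative distance.
        return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))[2]


def simulate(static_prefix, rri_prefix, host):
    """Next hop for `host` with the SA on NYC, after it moves to PH, and back."""
    rib = Rib()
    rib.add(static_prefix, AD_FLOATING_STATIC, "nyc-concentrator")
    before = rib.lookup(host)      # SA on NYC: only the floating static exists
    rib.add(rri_prefix, AD_EIGRP_EXTERNAL, "ph-rri-router")  # RRI injects route
    after = rib.lookup(host)       # lower distance now wins for equal prefixes
    rib.withdraw("ph-rri-router")  # SA torn down at PH: RRI route disappears
    restored = rib.lookup(host)
    return before, after, restored


if __name__ == "__main__":
    print(simulate(REMOTE_LAN, REMOTE_LAN, "192.168.50.10"))
    # A static more specific than the RRI route defeats the failover:
    print(simulate("192.168.50.0/25", REMOTE_LAN, "192.168.50.10"))
```

The second call shows the caveat: the floating static must not be more specific than the injected route, or return traffic keeps going to the NYC Concentrator after the tunnel has moved.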