02-14-2003 06:59 PM - edited 03-09-2019 02:06 AM
I am looking for a solution for redundancy on the configuration below.
We have 2 Concentrator 3030s; we are planning to deploy one in NY and the second in PH.
Both concentrators will have the same type of connections.
New York - Concentrator # 1
Public interface ip address : 10.10.10.2 ------outside on the internet
Private interface ip address: 172.30.100.2 -----> next hop is one of the PIX interface.
New York - PIX configuration
outside interface = is facing the internet
Inside interface = is on lan.
Third interface = is the one where the private interface of the Concentrator will be connected.
Philadelphia - Concentrator # 2
Public interface ip address : 20.20.20.2 --- outside on the internet
Private interface ip address: 172.30.200.2 -----> next hop is one of the PIX interface.
Philadelphia - PIX configuration
outside interface = is facing the internet
Inside interface = is on lan.
Third interface = is the one where the private interface of the Concentrator will be connected.
Will failover work in this configuration? So when New York's concentrator loses its connection to the internet, the remote HW clients' (PIX 501) tunnels will fail over to Philadelphia's concentrator.
New York and Philadelphia are part of the same WAN infrastructure, where we have many other frame connections, for example San Francisco, Los Angeles, Chicago, etc.
So, when HW clients fail over to any of the NY or PH concentrators, they should be able to see any network within our frame-relay network.
02-17-2003 07:32 PM
It should work, but you would probably have to be running a routing protocol. OSPF is supported on the concentrators, and if you also run it on your WAN routers you should be able to route back to the remotes.
You'll really have to test it though.
Good luck.
02-18-2003 07:04 PM
That is where the problem is: between the NY concentrator and the internal router is a PIX firewall, and the same goes for the PH site. I think that the PIX does not allow any routing protocols to pass.
02-19-2003 06:32 AM
I understand that the PIX poses a problem. You may try running OSPF in a GRE tunnel over the PIX. I have seen docs on it but have not had a chance to test.
02-18-2003 07:22 PM
Hello,
Don't know if this will help, but we have successfully used IKE failovers with PIX units to various Cisco gear; however, we are using a dynamic crypto map in a hub and spoke configuration as opposed to static tunnels (same concepts though).
If you have on the two PIXes:
crypto map MAP 10 set peer NYC
crypto map MAP 10 set peer PH
And IKE keepalives set, then if the NYC tunnel fails it will try PH. The only trick here is keeping the routes updated. You have two ways that are decent. Use the reverse route injection on the Concentrators and redistribute from RIP or OSPF into whatever, or use a Cisco IOS box that supports reverse route injection into EIGRP and use a floating static on the NYC side. We use a floating static route to the Concentrator (metric 240) and then use RRI on 75xx redistributed in EIGRP, so once the Concentrator no longer has the SA the EIGRP routes are preferred.
It may not be an exact configuration, but the ideas are the same.
PIXes and Cisco IOS handle IKE peers fine, but I am looking for the same with Linksys, Netopia, Netgear, blah, blah, which don't respond the same for us.
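The ordered-peer failover described in the reply above, written out as a remote PIX configuration. This is an added example, not configuration posted in the thread. It assumes PIX 6.x command syntax and reuses the thread's two public concentrator addresses; the ACL number, transform-set name, remote LAN (192.168.50.0/24), protected range (172.30.0.0/16) and the pre-shared key placeholder are constructed.

```cisco
: --- Added example: remote PIX with primary and backup IKE peers ---
: Constructed values: ACL 101, transform set TS, remote LAN 192.168.50.0/24,
: protected range 172.30.0.0/16, <PSK-PLACEHOLDER>.

: Traffic to protect, and exempt from NAT
access-list 101 permit ip 192.168.50.0 255.255.255.0 172.30.0.0 255.255.0.0
nat (inside) 0 access-list 101
sysopt connection permit-ipsec

: Phase 1 policy, identical for both head ends
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: One key entry per concentrator, each locked to a single host address
isakmp key <PSK-PLACEHOLDER> address 10.10.10.2 netmask 255.255.255.255
isakmp key <PSK-PLACEHOLDER> address 20.20.20.2 netmask 255.255.255.255

: IKE keepalives: without them a dead peer is only noticed at SA expiry
: and the backup peer is never tried in a useful time frame
isakmp keepalive 10 3

: Phase 2 and the ordered peer list (first peer = NY, second = PH)
crypto ipsec transform-set TS esp-3des esp-sha-hmac
crypto map MAP 10 ipsec-isakmp
crypto map MAP 10 match address 101
crypto map MAP 10 set peer 10.10.10.2
crypto map MAP 10 set peer 20.20.20.2
crypto map MAP 10 set transform-set TS
crypto map MAP interface outside
```

This covers only the remote side; return routing at the head end still has to follow whichever concentrator holds the SA, which is the routing problem the thread discusses.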