ASR1002 VPN to terminate a loopback address

Joel Strawn · ‎10-24-2013

I am tasked with switching from our 7200's to ASR1002's for IPSEC VPN connections. Currently the 7200's run HSRP and we terminate the VPN to that address so which ever 7200 is active it run, when HSRP failover kicks in the clients drop, and re-establish to the other 7200. We want to use ARS1002's to do this, but I can not terminate the VPN to the HSRP address on the ASR, so I want to set a loopback address that is the same on both ASR's and the standby one is shut down, and an applet will run to see the standby switch to active, and then bring up the loopback on this ASR and also shut down the other loopback on failed ASR.

Question is, is this even possible? Is the ASR1002 the right device for this? Can it be set to a loopback address?? Any help is welcomed..

Richard Burts · ‎10-25-2013

It is not clear to me whether the VPN you talk about is Remote Access VPN or is Site to Site VPN. Perhaps you can clarify?

I am sure that there will be more involved in the solution than what has been described so far. But I would believe that it is quite possible to use a loopback for the the address for VPN.

We would need to know more about your environment to be able to address the question of whether the ASR1002 is the right device for your situation. But I can tell you this - I have a customer who was using 7200 routers to terminate several hundred site to site VPN tunnels. They changed from 7200 to ASR1002 to terminate the site to site tunnels and are very happy with the result. I do not know how similar your environment is to theirs and so can not know whether your experience would be the same positive outcome.

HTH

Rick

HTH

Rick