09-12-2011 10:48 AM - edited 03-04-2019 01:35 PM
Dear All,
At present we have 1 core IPSec router where all the branch traffic is terminated, and it's the entry and exit point for all the traffic traversing the data center. We need to implement 1 more IPSec core router, which we need to plan in Active-Active mode,
that is, some regions' traffic will be primary for 1 router and some regions' traffic will be secondary on the 2nd router, and vice versa for fallback and redundancy.
How can this be done, and how can the routers decide internally which router is intended to create the IPSec tunnel for the return traffic to the branches?
Kindly guide me.
Regards,
Ranjit
09-12-2011 03:29 PM
If the transit path is all private network (MPLS or P2P), you can use GETVPN to simplify your IPSec peering configuration and also have a unified policy management.
Which router to choose from the branches to the DC can be handled with any routing protocol.
09-12-2011 10:00 PM
Dear Edison,
Firstly, thanks for your reply.
I want to make both the IPSec routers active-active and want to load balance traffic.
Please can you update any Cisco document regarding the same.
Regards,
Ranjit
09-13-2011 07:01 AM
Ranjit,
The traffic load-balancing won't be done with IPSec but with a routing protocol.
You can have multiple IPSec Peers active in a router. This is a standard configuration.
If you want to read more about GETVPN, please refer to the documentation: