04-29-2007 10:43 PM - edited 03-05-2019 03:45 PM
Hi,
As we know the Cisco PIX/ASA firewalls have the stateful failover feature.Which allow the active the vpn ,http sessions being up during the failover.
I am interested in whether Cisco Routers have the similar feature? . Can i keep the active vpn, nat sessions on different router through the clustering or somehow redundancy.
p.s. Please don't offer the HSRP ;). It is just for redundancy of L3 connections.I need the stateful redundancy
thanks
04-29-2007 11:06 PM
Hi Leo,
Here 's a link for stateful failover :
http://cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b64.html
But u dont want the HSRP :-(
Even for nat we have the same process :
http://cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008060c61d.html
This document says that tables are replicated
But I think it is similar to ASA while duplication http relication and all the steful information to the standby device
Are u looking for failover interface or something like SLA monitor?
Raj
04-30-2007 12:20 AM
Hi Raj,
Very good link for stateful vpn! Should be tested!
No i didn't want HSRP, because of its purpose. As i needed not just redundancy, i asked not to suggest the HSRP. But conjunction HSRP with SSO seems to be solution for me.
thanks
05-07-2007 04:13 AM
Hi,
I have Cisco 7204 VXR with NPE-400, and advanced ip services.
As i understood if i want to make Stateful Failover for IPSec, the only requirments for second box is advanced ip services IOS? that is all.
Leo
04-30-2007 04:32 AM
Hi Raj,
In this case i think the only requirements is having the same IOS,no matter which kind of boxes you gonna use.
Correct me, if i am wrong
Leo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide