Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
465
Views
0
Helpful
1
Replies

Simple IOS VPN IPsec HUB and Spoke with Failover HUB

l.buschi
Level 2
Level 2

‎02-03-2016 11:43 AM - edited ‎02-21-2020 08:39 PM

Hi all,

I have a Hub nd Spoke  VPN architecture realized with sVTI, IKEv1 and IPsec.

My hub is connected to a single ISP.

I'd like to have an hardware redundancy for my hub.

Instead of creating a double tunnel in each spoke i'd like to use a failover protocol over my 4000ISR router.

Is there a way to realize it simply?

If I use IOS IPsec failover do I have to deploy my changes on  both router or (like ASA) I may configure the active router and let the standby receive the chenges?

Thank you all.

Johnny

Labels:
0 Helpful
1 Reply 1

rvarelac
Level 7
Level 7

‎02-08-2016 03:01 PM

Hi Johnny,

Which redundancy solution are you planning to implement on the Cisco ISR ? 

HSRP with another hardware box might fit well here:

http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-ipsec/white_paper_c11_472859.html

Hope it helps

-Randy-

0 Helpful
Customers Also Viewed These Support Documents