08-11-2004 12:48 PM - edited 02-21-2020 01:17 PM
I have a remote site that is connected to our corporate office through a VPN tunnel. What is a common configuration to make it fault tolerant?
08-11-2004 01:35 PM
I have a customer with almost 80 remote sites connected to their central site via VPN. For them, fault tolerance and redundancy are very important. We provisioned two routers at the central site (one as primary and one as backup). We configure two tunnels at the remote site, one to each of the central site routers. We configure IPSec over GRE so that we can run a dynamic routing protocol over the tunnels. We use the routing protocol to make one tunnel primary, taking all of the traffic, while the other tunnel is backup and will take all of the traffic if the primary fails. We use the routing protocol to switch the traffic, so the convergence time to switch tunnels in the event of a problem is very fast.
HTH
Rick
08-11-2004 04:25 PM
There are multiple approaches, depending upon your needs and budget. Two that I have developed for clients are documented in the white paper "Redundant IPSec VPNs" on my web site, complete with example configurations. One uses Rick's approach (OSPF over GRE over IPSec), the other uses BGP to eliminate the need for the GRE layer.
Good luck and have fun!
Vincent C Jones
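The design described in the two replies above (two IPsec-protected GRE tunnels from the remote site, one to each central router, with OSPF cost selecting primary and backup), as an added example that is not configuration from either poster or from the white paper. It assumes Cisco IOS with tunnel protection support; every address, interface name, profile name, timer and the key placeholder is constructed for illustration.

```cisco
! Remote-site router (constructed example). 192.0.2.1 / 192.0.2.2 stand in
! for the primary and backup central-site routers.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY-A> address 192.0.2.1
crypto isakmp key <PRE-SHARED-KEY-B> address 192.0.2.2
! Dead peer detection so stale SAs to a failed head-end are torn down
crypto isakmp keepalive 10 3
!
! Transport mode: GRE already supplies the outer IP header
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
! One profile per tunnel (assumption: keeps the two tunnels independent)
crypto ipsec profile PROT-PRIMARY
 set transform-set GRE-TS
crypto ipsec profile PROT-BACKUP
 set transform-set GRE-TS
!
interface Tunnel0
 description Primary tunnel to central router A
 ip address 10.255.0.2 255.255.255.252
 ip ospf cost 10
 ip ospf hello-interval 5
 ip ospf dead-interval 20
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.1
 tunnel protection ipsec profile PROT-PRIMARY
!
interface Tunnel1
 description Backup tunnel to central router B
 ip address 10.255.0.6 255.255.255.252
 ! Higher cost: carries traffic only when Tunnel0 routes are withdrawn
 ip ospf cost 100
 ip ospf hello-interval 5
 ip ospf dead-interval 20
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.2
 tunnel protection ipsec profile PROT-BACKUP
!
router ospf 1
 ! No OSPF adjacencies on the site LAN; only across the encrypted tunnels
 passive-interface FastEthernet0/1
 network 10.255.0.0 0.0.0.7 area 0
 network 10.20.0.0 0.0.0.255 area 0
```

With both adjacencies up, `show ip ospf neighbor` lists both central routers while the routing table prefers the Tunnel0 path; the hello and dead intervals must match on the central-site tunnel interfaces.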