
Building redundant VPNs

michiganheart
Level 1

I have a remote site that is connected to our corporate office through a VPN tunnel. What is a common configuration to make it fault tolerant?

2 Replies

Richard Burts
Hall of Fame

I have a customer with almost 80 remote sites connected to their central site via VPN. For them, fault tolerance and redundancy are very important. We provisioned two routers at the central site (one as primary and one as backup). We configure two tunnels at the remote site, one to each of the central site routers. We configure IPSec over GRE so that we can run a dynamic routing protocol over the tunnels. We use the routing protocol to make one tunnel primary and take all of the traffic, and the other tunnel is backup and will take all of the traffic if the primary fails. We use the routing protocol to switch the traffic, so the convergence time to switch tunnels in the event of a problem is very fast.

HTH

Rick


There are multiple approaches, depending upon your needs and budget. Two that I have developed for clients are documented in the white paper "Redundant IPSec VPNs" on my web site, complete with example configurations. One uses Rick's approach (OSPF over GRE over IPSec), the other uses BGP to eliminate the need for the GRE layer.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com
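
The design discussed in the replies above (two IPsec-protected GRE tunnels from the remote site, one to each central-site router, with OSPF cost selecting the primary), sketched as a remote-site Cisco IOS configuration. This is an added example, not a configuration from either poster or from the white paper mentioned. Interface names, profile names, OSPF process and area, the documentation-range addresses, and the key placeholders are all assumptions.

```cisco
! Added example: remote-site router. Addresses, names and keys are placeholders.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! One key per central-site peer, so one leaked key does not expose both tunnels
crypto isakmp key REPLACE_WITH_KEY_A address 198.51.100.1
crypto isakmp key REPLACE_WITH_KEY_B address 198.51.100.2
! Dead peer detection, so a failed peer's SAs are torn down promptly
crypto isakmp keepalive 10 3
!
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile PROT-PRIMARY
 set transform-set TS-GRE
crypto ipsec profile PROT-BACKUP
 set transform-set TS-GRE
!
interface Tunnel0
 description Primary tunnel to central-site router A
 ip address 10.255.0.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip ospf cost 10
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile PROT-PRIMARY
!
interface Tunnel1
 description Backup tunnel to central-site router B
 ip address 10.255.0.6 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip ospf cost 100
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile PROT-BACKUP
!
! OSPF runs only over the tunnels and the LAN. The WAN interface stays out of
! OSPF so the tunnel endpoints are never learned through the tunnels themselves.
router ospf 1
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface Tunnel1
 network 10.255.0.0 0.0.0.7 area 0
 network 10.20.0.0 0.0.0.255 area 0
```

The cost values here only steer traffic leaving the remote site; the central-site routers need matching preferences so return traffic follows the same tunnel. Because GRE is the only traffic the IPsec profiles protect, any packet that does not enter a tunnel interface leaves the WAN interface unencrypted, so routing and ACLs on that interface deserve a check.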