Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
1
Replies

IPSEC HA - dual LINK(ISP)

J_Vansen_S
Level 3
Level 3

‎12-09-2014 02:29 AM - edited ‎02-21-2020 07:58 PM

Hi,

 

I would like to verify my setup. If this is achievable in terms of IPSEC HA failover.

Apparently the VPN headend is a 3925ISR.

Primary link to remote sites will be via ISP 1 Direct lease line.

If any of the lease line to/fro the remote site breaks, the tunnel will fail over to ISP over the cloud.

 

Thus on my ISR3925 i will be needing to configure quite a few number tunnels for my remote sites

Am i on the right track?

 

Labels:
Preview file
100 KB
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎12-09-2014 04:30 AM

The HA is easily done. You build two tunnels (VTI/FlexVPN) per spoke to the HQ-Router (or routers) and run a routing protocol through the tunnels to prefer the primary link. If the primary link fails, the routing protocol will converge to the tunnel over the secondary ISP.

0 Helpful
Customers Also Viewed These Support Documents