02-05-2009 05:25 AM - edited 02-21-2020 04:08 PM
Need advice from VPN experts in this forum who actually have done
something similar to this:
Current Configuration:
a Single VXR7206 with VAM+2 card for site-2-site VPN. There are
about 10 VPN tunnels on this device. Remote VPN peers range from
Checkpoint Firewall/VPN, Juniper, SonicWall, IOS routers and ASA
appliances. There are about 4 GRE/IPSec tunnels and the remaining
VPN tunnels are standard site-2-site VPNs.
Objective:
Increase redundancy capability by adding another VXR7206 router to
allow for IPSec stateful failover. Must be able to accomodate ALL
remote VPN peers such as Checkpoint, Juniper, SonicWall, IOS routers
and ASA appliances.
Question: What is the best approach to this?
Many thanks.
02-05-2009 10:55 AM
You would create HSRP groups on both WAN / LAN sides.
Here is a guide
http://www.cisco.com/en/US/prod/collateral/routers/ps5855/white_paper_c11_472858.html
02-05-2009 11:00 AM
Sorry, wrong guide. Here is the correct one....
http://www.cisco.com/en/US/docs/ios/12_2/12_2y/12_2yx11/feature/guide/ft_vpnha.html')">http://www.cisco.com/en/US/docs/ios/12_2/12_2y/12_2yx11/feature/guide/ft_vpnha.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide