Re: Redundant 3005 VPN Concentrator

b.eman · ‎02-17-2005

I currently have a 3005 concentrator for remote vpn tunnels and vpn client access. I have approx. 6 remote IPsec tunnels and also remote vpn client access configured on the current 3005. I had a 2nd 3005 running only 1 wireless connection that I have since removed. So my question is can I some how use my extra 3005 Concentrator that I now have as an extra as a redundant backup for my current 3005?

I don't so much want a load balance solution just a failover in case the first 3005 would ever fail. I realize there would be down time till the second concentrator initiated the new tunnels.

I am just not sure if this is possible with the 3005 so I was just wondering.

Thanks

gfullage · ‎02-17-2005

Sure it is, the concentrators use VRRP to determine automatic switchover when necessary, see http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/config/iprout.htm#1012150 for details on how to configure it.

To be honest I would recommend configuring load-balancing, it works in much the same way as redundancy, but if one concentrator fails, because the connections are spread over the two 3005's, only half your connections will drop out. The other half will be able to re-connect, but it halves your outage over a redundant backup type of setup. See http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094b4a.shtml and http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/config/lbssf.htm for details on this type of setup.