Redundant Tunnel - IOS

adamtodd16 · ‎09-06-2011

At our core, we have a primary fw (2951) and a backup fw (2951). Each has it's own dedicated connection (seperate ISP's).

Right now, all branch offices connect via isakmp to the primary fw. I would like to setup each outside site to automatically switch to the backup fw in the event that the primary fw or connection goes down.

Looking for some guidance in setting up priorities and how default routes are handled.

Thank you.

Marcin Latosiewicz · ‎09-06-2011

Adam,

There's way too few information in your post to give you some solid answer.

I would start by checking the availability section in command reference:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_rev_rte_inject_ps10591_TSD_Products_Configuration_Guide_Chapter.html

Depending on technology you're using, but "preferred peer" is what you might be looking for.

HTH,

Marcin

adamtodd16 · ‎09-06-2011

What other information do you need?

Was looking through that before, but would like to work through it if possible.

Marcin Latosiewicz · ‎09-06-2011

Adam,

First of all what we'd need to understand what is already configured on the 2951s and on the other ends.

Second of all (and depending what you have configured now) you may choose to have redundancy/availability on IKE level or on RP level (or both ;-)).

Some info about topology apart from the 2951s would be also interesting (especially in term of how you route traffic to the 2951s)

Third, do you require fallback to primary 2951 when it's available?

Any extra features to be applied? (QoS, load-sharing, WCCP?)

Marcin