Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
587
Views
3
Helpful
4
Replies

VPN and fault tolerance structure

christianIP
Level 1
Level 1

‎07-05-2006 06:00 AM - edited ‎02-21-2020 02:31 PM

On a hub-spoke structure we have a VPN 3005 concentrator as a hub and VPN 3002 clients for each spoke. Considering we want to implement fault tolerance on each site, what would be your recommendation, use PIX firewalls in addition to the VPN 3002 clients (I do not think we could have failover with a PIX and a VPN client) or just use another VPN 3002 client on each spoke (making sure they have failover working).

Your advise on this will be greatly appreciated. Please let me know if you need more details.

Many thanks.

Labels:
0 Helpful
4 Replies 4

hemendoz
Cisco Employee
Cisco Employee

‎07-05-2006 02:05 PM

Hello christianIP,

Let me preface this by saying I haven't really worked too much on the VPN 3002 HW client. However, why can't you install another VPN 3005 at a 2nd Hub site (dual hub configuration), then configure the 3002 HW clients to have two IPSec tunnels, one to each VPN 3005?

Hope that helps!

Thanks,

hemendoz

0 Helpful

christianIP
Level 1
Level 1
In response to hemendoz

‎07-06-2006 04:20 PM

Hi hemendoz,

Thanks for your suggestion, dual hub configuration works and is already in place so redundancy on the hub is already working. What we need is redundancy on the spokes. Considering the VPN 3002 NW client does not support failover, would it be a better option to replace them with Cisco 1700s or 1800s or just put another VPN 3002 HW client on each spoke.

Your input will be appreciated.

Rgds.

christianIP

0 Helpful

hemendoz
Cisco Employee
Cisco Employee
In response to christianIP

‎07-06-2006 08:49 PM

Hello christianIP,

Are you not able to configure multiple IPSec tunnels on the 3002? If not, then it seems you need to go with either of your proposed solutions. My preference would be for the router since it is one device that can terminate multiple VPN tunnels, not to mention the myriad of other features that can be configured. Also, I think the 3002 may be EOL very soon.

Hope that helps! If so, please rate.

Thanks

christianIP
Level 1
Level 1
In response to hemendoz

‎08-02-2006 09:16 AM

Hello hemendoz,

Sorry I couldn't get back sooner. In relation to the last reply you did, does VRRP work with a Router and the VPN hardware client. As far as I know, VRRP works only with Routers which must have the same configuration. Your input is appreciated.

Thanks a lot.

0 Helpful
Customers Also Viewed These Support Documents