Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
680
Views
0
Helpful
1
Replies

VPN IPsec High availability

noeperezs
Level 1
Level 1

‎10-03-2011 10:01 PM - edited ‎02-21-2020 05:38 PM

Hi, I have a branch router with IPsec configuration pointing to three central peers for backup with the same interesting traffic; the network is MPLS.

I configure DPD and when the first peer is down, the branch router established a new IPsec tunel to the second peer.

The problem is when the first router is up again; the tunel to the second peer is up and the branch is not able to reach applications.

is there a way to clear dinamically or automatically (not manual clear) the tunel to the second router and establish a new tunel to the first peer?

TIA

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎10-04-2011 10:00 AM

Noe,

You have not provided too much info. So what I would say evaluate either:

- GET VPN which was deisigned to, among others, work over MPLS networks

- Move to a logical interface solution : GRE over IPsec, VTI, DMVPN, Flex, whichever you want and run routing protocol over that network.

- Preferred peer maybe? Depends on your corruent setup.

In anyway I suggest you have a look at mechanisms built into protocol itself:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_rev_rte_inject_ps10591_TSD_Products_Configuration_Guide_Chapter.html

HTH,

Marcin

0 Helpful
Customers Also Viewed These Support Documents