Redundant ipsec solution with two routers

Discussion in 'Cisco' started by Tom Pouce, Feb 13, 2004.

  1. Tom Pouce

    Tom Pouce Guest

    Hi,

    I had to set up a redundant site-to-site IPsec connection with two routers.
    Is it possible and how to configure?
    Do I have to configure HSRP or configure the IPSEC end-point on a loopback
    interface?
    Does anyone have some examples, tips or whatever to help me?

    Thx

    Tom Lauwereins
     
    Tom Pouce, Feb 13, 2004
    #1

  2. See comments in-line...

    In article <c0icg9$amr$>,
    Tom Pouce <> wrote:
    >Hi,
    >
    >I had to set up a redundant site-to-site IPsec connection with two routers.


    Your statement of the problem is confusing. Are you talking about two
    routers at each site or two routers, one at each site?

    >Is it possible and how to configure?


    Either way, yes it is possible. If the former, an example configuration
    is included in the white paper on Redundant IPsec on my website. If the
    latter, I'd be glad to do it for you, but would need to charge for the
    work.

    >Do I have to configure HSRP or configure the IPSEC end-point on a loopback
    >interface?


    HSRP is separate and independent. Whether or not you need it will
    depend upon how you get from a client system to the router supporting
    the IPsec tunnel.

    Hint: treat each IPsec tunnel as a point-to-point link with no
    broadcast or multicast capability and build your routing logic around
    that. Most designers take the easy way out and use GRE tunnels over
    the IPsec tunnels.

    Hint: Treat redundancy of the route between tunnel endpoints and
    redundancy of the IPsec tunnel itself independently.

    >Does anyone have some examples, tips or whatever to help me?


    Aside from the white paper on my web site and my hints above, try
    searching Google and Cisco's NetPro connection. This is a common
    requirement and there have been many discussions on the topic.

    Keep in mind that a redundant solution which is not well thought out
    will be more likely to reduce availability rather than improve it. It is
    very easy to throw money at the problem and improve nothing.

    Hint: Think through how you will detect a problem, how your design
    will route traffic around detected problems, and how confident you
    are that the alternate route will actually be there when you need it.

    >Thx
    >
    >Tom Lauwereins


    Good luck and have fun!
    --
    Vincent C Jones, Consultant           Expert advice and a helping hand
    Networking Unlimited, Inc.            for those who want to manage and
    Tenafly, NJ  Phone: 201 568-7810      control their networking destiny
    http://www.networkingunlimited.com
     
    Vincent C Jones, Feb 13, 2004
    #2
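
The GRE-over-IPsec approach mentioned in the reply above, as an added example that is not from either poster or from the white paper: one local router holds two GRE tunnels, each protected by IPsec and each ending on a different remote router, with OSPF choosing between them. The topology, interface names, addresses (documentation ranges), key placeholders and OSPF values are all assumptions, and reachability to both peer addresses is assumed to exist already.

```cisco
! Constructed example: addresses are documentation ranges, names are hypothetical.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key PSK-PLACEHOLDER-1 address 198.51.100.1
crypto isakmp key PSK-PLACEHOLDER-2 address 198.51.100.2
crypto isakmp keepalive 10 3
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
! Encrypt only the GRE packets between the tunnel endpoints.
ip access-list extended GRE-TO-A
 permit gre host 192.0.2.1 host 198.51.100.1
ip access-list extended GRE-TO-B
 permit gre host 192.0.2.1 host 198.51.100.2
!
crypto map REDUNDANT 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-TS
 match address GRE-TO-A
crypto map REDUNDANT 20 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set GRE-TS
 match address GRE-TO-B
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map REDUNDANT
!
! Each tunnel is a point-to-point link. OSPF hellos detect a dead path;
! the dead interval defaults to four times the hello interval.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip ospf cost 10
 ip ospf hello-interval 5
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
interface Tunnel1
 ip address 10.255.0.5 255.255.255.252
 ip ospf cost 20
 ip ospf hello-interval 5
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
!
router ospf 1
 network 10.255.0.0 0.0.0.7 area 0
 network 10.1.0.0 0.0.255.255 area 0
```

Both tunnels here leave through the same physical interface, so this protects against loss of a remote router or its tunnel, not against loss of the local uplink.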