[c-nsp] VPN failover / load sharing using IOS?

Cameron.Dry at didata.com.au Cameron.Dry at didata.com.au
Tue Feb 8 23:07:02 EST 2005 

Check out:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_
guide09186a00800ed370.html

Cameron 

 


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
signal at shreve.net
Sent: Wednesday, 9 February 2005 11:50 AM
To: 'cisco-nsp'
Subject: [c-nsp] VPN failover / load sharing using IOS?


Has anyone done any type of VPN failover and/or load balancing using 
IOS?

For example something like a 2 1700 routers, each with 2 T1 cards in 
them,
Each T1 card would be connected to a different ISP, each with its own 
IP space
(no BGP).  Either T1 would be able to go down, and the VPN could 
re-establish
itself over the remaining T1.  Both T1's would be load balanced over 
for VPN
connectivity.

Is it possible to establish 2 VPN's, 1 over each link, with the same 
source/destination private networks defined, and have the router load 
balance these and also work in failover?

Another thought, which is kind of ugly (but maybe not), is 2 GRE 
tunnels, and then dual static routes over the tunnels:

Router 1 T1 #1  <----------------------- GRE Tunnel #1 
-------------------> Router 2 T1 #1
Router 2 T1 #2 <------------------------ GRE Tunnel #2 
-------------------> Router 2 T1 #2

ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel1
ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel2

Then establish the VPN on top of the above.  I don't particular like 
the idea of building a tunnel on top of 2 other tunnels, so if anyone 
has experience in doing this type of setup, please share what you used 
to do it.

Brian



Brian Feeny, CCIE #8036, CISSP
Network Engineer
ShreveNet Inc.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


******************************************************************************
 - NOTICE FROM DIMENSION DATA AUSTRALIA
This message is confidential, and may contain proprietary or legally privileged information.  If you have received this email in error, please notify the sender and delete it immediately.

Internet communications are not secure. You should scan this message and any attachments for viruses.  Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this message or any attachments.
******************************************************************************

More information about the cisco-nsp mailing list