[c-nsp] VPN failover / load sharing using IOS?
Cameron.Dry at didata.com.au
Cameron.Dry at didata.com.au
Tue Feb 8 23:07:02 EST 2005
Check out:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_
guide09186a00800ed370.html
Cameron
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
signal at shreve.net
Sent: Wednesday, 9 February 2005 11:50 AM
To: 'cisco-nsp'
Subject: [c-nsp] VPN failover / load sharing using IOS?
Has anyone done any type of VPN failover and/or load balancing using
IOS?
For example something like a 2 1700 routers, each with 2 T1 cards in
them,
Each T1 card would be connected to a different ISP, each with its own
IP space
(no BGP). Either T1 would be able to go down, and the VPN could
re-establish
itself over the remaining T1. Both T1's would be load balanced over
for VPN
connectivity.
Is it possible to establish 2 VPN's, 1 over each link, with the same
source/destination private networks defined, and have the router load
balance these and also work in failover?
Another thought, which is kind of ugly (but maybe not), is 2 GRE
tunnels, and then dual static routes over the tunnels:
Router 1 T1 #1 <----------------------- GRE Tunnel #1
-------------------> Router 2 T1 #1
Router 2 T1 #2 <------------------------ GRE Tunnel #2
-------------------> Router 2 T1 #2
ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel1
ip route <insert vpn endpoint ip> 255.255.255.255 Tunnel2
Then establish the VPN on top of the above. I don't particular like
the idea of building a tunnel on top of 2 other tunnels, so if anyone
has experience in doing this type of setup, please share what you used
to do it.
Brian
Brian Feeny, CCIE #8036, CISSP
Network Engineer
ShreveNet Inc.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
******************************************************************************
- NOTICE FROM DIMENSION DATA AUSTRALIA
This message is confidential, and may contain proprietary or legally privileged information. If you have received this email in error, please notify the sender and delete it immediately.
Internet communications are not secure. You should scan this message and any attachments for viruses. Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this message or any attachments.
******************************************************************************
More information about the cisco-nsp
mailing list