[c-nsp] highly available ipsec vpn
Nick Cutting
ncutting at edgetg.com
Thu Feb 8 17:48:38 EST 2018
What devices? ISR / ASR ?
static VTI tunnels or DMVPN?
Try not to mix HSRP and routing - HSRP is just for gateways. If you need two tunnels you will need a routing protocol.
Send us the design you need to accomplish
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of harbor235
Sent: Thursday, February 8, 2018 5:34 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] highly available ipsec vpn
This message originates from outside of your organisation.
I am looking to implement a highly available IPSEC route based VPN.
Traditionally I would bring up multiple tunnels with multiple BGP peers in a dual router setup.
IPSEC HSRP design appears to be the flavor of the day, failover times appear to be lengthy compared to failover times via BGP. IS anyone using the HSRP HA setup? Are your experiences good or bad? Has the BGP route based IPSEC VPN design fallen from grace?
Mike
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list