[j-nsp] IPsec to VRRP - redundant tunnels
Massimiliano Galizia
massimiliano.galizia at gmail.com
Tue Jun 24 08:36:57 EDT 2008
No suggestions?
Many thanks in advance
MG
Massimiliano Galizia ha scritto:
> (I'm sorry if received it twice... got some problems with mail server)
>
> Hello ML,
> I have a network scenario like this below:
>
> [M7i]--|
> |---WAN---[Cisco]
> [M7i]--|
>
> Between Cisco and both JNPR I have to establish IPsec tunnels, one for
> each M7i. Configurations work great, but I have a problem: how to make
> Cisco router discover a faulty M7i and the redundant M7i take up the
> IPsec tunnel? First, I thought to configure the DPD on Cisco ( IKE
> keepalive). When Cisco doesn't receive a: "R_U_THERE" hello answer, it
> should engage the second end-point: did you ever tried this?, does it
> work?
>
> The second possibility is to make the Cisco establish IPsec tunnel to
> a VRRP address: once again, do yuo have some experience about this?
> Thnks a lot for your patience and help.
>
> Ciao
>
More information about the juniper-nsp
mailing list