[j-nsp] IPsec to VRRP
Massimiliano Galizia
massimiliano.galizia at gmail.com
Fri Jun 27 09:36:28 EDT 2008
Hello ML,
I have a network scenario like this below:
[M7i]--|
|---WAN---[Cisco]
[M7i]--|
Between Cisco and both JNPR I have to establish IPsec tunnels, one for
each M7i. Configurations work great, but I have a problem: how to make
Cisco router discover a faulty M7i and the redundant M7i take up the
IPsec tunnel? First, I thought to configure the DPD on Cisco ( IKE
keepalive). When Cisco doesn't receive a: "R_U_THERE" hello answer, it
should engage the second end-point: did you ever tried this?, does it work?
The second possibility is to make the Cisco establish IPsec tunnel to a
VRRP address: once again, do yuo have some experience about this?
Thnks a lot for your patience and help.
Ciao
MAX
More information about the juniper-nsp
mailing list