VPN Concentrator redundancy

IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
Post Reply
Guest

VPN Concentrator redundancy

Post by Guest » Sun Aug 08, 2010 2:50 am

Hello,

 

I have some doubts about the VRRP process in VPN concentrators.

 

1 The Group Shared Address public and private) its the same than the Real Ip Addresses of the Master, correct?

For example, if I have configured like this:

Master: public(10.10.10.1); private (20.20.20.1)

Backup: public(10.10.10.2); private (20.20.20.2)

 

The group shared address should be: public(10.10.10.1) and private(20.20.20.1), correct?

 

2) If I have already a VPN concentrator configured and I want to had another one for redundancy, and I mantain the same IP address than before for the master, I dont need to change nothing in the neighbours of the VPN concentrator, right?

 

3) If the Master goes down, the backup will take over the VPN connections, the users will still use the same IP address than before to connect by VPN. However if I want to access to the administration of the backup I should still access to the 20.20.20.2 correct?

 

Thank you.

 

Best regards,

 

Norberto


Guest

Re:VPN Concentrator redundancy

Post by Guest » Sun Aug 08, 2010 3:55 am

Yes, you are absolutely correct with all your 3 statements.

 

With your second question, if you would like to add another VPN Concentrator for redundancy, you can actually use the configuration of the other VPN Concentrator, and just change the ip address that you assign to the private and public interfaces so its unique. All that needs to be the same is the group shared addresses, and also the role as a slave instead of master.

 

Here is more information on VRRP for your reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_tech_note09186a0080094490.shtml

 

Hope that helps.


Guest

Re:VPN Concentrator redundancy

Post by Guest » Sun Aug 08, 2010 5:04 am

Hi Jennifer,

 

Thank you for your reply!

 

Best regards,

 

Norberto


Post Reply