[AusNOG] FlexVPN
Mike Taylor
mtaylor at totalteam.co.nz
Thu Jan 19 07:13:10 EST 2017
Hi Steve,
yes, you can have your primary link up/up AND an IPSEC tunnel which is
up/idle, ready to take traffic once the main link fails.
IP SLAs and 'track' to trigger the route change on the CPE end might be
useful as well...
Regards,
Mike
Mike Taylor
The Total Team
DDI: +64 33530993
MOB: +64 274731969
0800 888 326 / +64 3 3779050
On 19/01/17 00:14, Steve Hille wrote:
>
> Hi all,
>
>
>
> I have a brief question about FlexVPN – we are starting to deploy a
> lot more IPSEC sites and I’d like to look at simplifying it a bit, I
> usually use IP SLA in case the main link fails we have a 3G backup, at
> present because the tunnels are built with static IP addresses it
> means the users have to connect to the VPN until the hardened
> connection is back up (and it’s very rare that they go down thankfully).
>
>
>
> I’m using a lot of Cisco 1941’s with a 4G HWIC, I’m assuming that
> setting up FlexVPN will allow the tunnel back to the VPN termination
> router to be built no matter if we have the hardened link up or if
> that hardened link has failed, I’m assuming it will pick the tunnel
> back up using the cellular connection? I just set 2 static routes down
> the tunnel for our internal traffic and stick a higher metric on the
> cellular route?
>
>
>
> Thanks in advance.
>
>
>
> Steve
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170119/591380ad/attachment.html>
More information about the AusNOG
mailing list