[VPN] IPSec tunnel failover
Travis Watson
rtwatson at gmail.com
Fri Feb 11 13:34:37 EST 2005
ADiaz at t-systems.com wrote:
>VPN Wizards,
>I have been tasked to configure IPSec tunnels from a remote site (1751 w/Cisco Secure IOS) terminating on 2 different Nokia IP380 firewalls. The customer is requesting that the traffic be divided into the tunnels by certain traffic type. One tunnel will transport SAP, terminating on 1 firewall and the other tunnel will transport e-mail, miscellaneous traffic, terminating on the other firewall. They also are requesting that in the event that one tunnel fails the traffic of the failed tunnel be automatically re-routed to the other available tunnel.
>Can anyone let me know if this is feasible and how it is done? Do I need additional hardware or software to resolve this request?
>
>Thanks,
>
>al
Not really, no. You could do it, conceivably, if you got firewall load
balancers to put in front and behind to handle the failover, but that
would be a waste of time and money (lots of both). It seems better to
use QoS.
It sounds like their crack rock is SAP and everyone else be damned, so
guarantee SAP xMB of traffic (or negate it by limiting everything else
to xMB). If they want failover, the two firewalls have to work
together, with the same policy.
--Travis