Sunday, July 20, 2008

Cisco Systems: Cisco IOS IPsec High Availability

Cisco IOS IPsec High Availability [IPSec Negotiation/IKE Protocols] - Cisco Systems The Cisco IOS IPsec High Availability (IPsec HA) Enhancements feature provides an infrastructure for reliable and secure networks to provide transparent availability of the VPN gateways---that is, Cisco IOS Software-based routers. This feature works well for all IP Security (IPsec)-based networks. In an Enterprise-Class Teleworker (ECT) solution, which encompasses a Dynamic Multipoint VPN (DMVPN) architecture for data gateway infrastructure and plain IPsec for management gateway infrastructure, IPsec HA can be used to provide redundancy---that is, stateful failover and rollback of the gateways to provide uninterrupted management connectivity to the spokes. For more details about ECT deployment, please refer to the link given in the references section.
TOPOLOGY
In a DMVPN deployment, IPsec HA can be incorporated in the management gateways. The topology shown in Figure 1 indicates the connectivity between spokes and management gateways. The current topology for a DMVPN deployment is given in Figure 1.

No comments: