Configuring Criteria For Path Selection - Nokia IP40 User Manual

10 High Availability
Internet connection if any one high priority BGP peer becomes reachable. It drops the dial-up connection when the device falls back to the primary Internet connection.
BGP—This mode is useful if the device has LAN/PPPOE/PPTP/DHCP as its primary Internet connection and has no dial-up connection. The primary device of the Dual Device HA scenario is configured to operate in this mode. In this scenario, you have another device acting as backup. The backup device can have either dial-up or LAN/PPPOE/PPTP/DHCP for its Internet connection. The primary and backup devices establish an internal BGP (IBGP) session with each other. Fail-over takes place automatically in the primary device based on the availability of CO routes (external or internal BGP, that is, EBGP or IBGP).
BGP-external—This mode is useful if the device has LAN/PPPOE/PPTP/DHCP as its primary Internet connection and DMZ as its secondary Internet connection. In this mode, DMZ is assumed to be secure and the traffic passing through DMZ is not encrypted. So, DMZ can be connected to an external VPN device or a router connected to a frame relay network. In this mode, IP40 uses DMZ as backup to the primary Internet connection. The traffic is tunneled as long as the BGP peer is reachable over VPN through the primary Internet connection. As soon as the BGP peer becomes unreachable, the traffic goes in plain text through the DMZ interface. Similar to the other modes, the device continues to monitor the status of high priority BGP peers and falls back to the primary Internet connection if at least one high priority BGP peer becomes reachable.
Note: In this mode, the encrypt flag must be disabled for DMZ.

Configuring Criteria for Path Selection

A VPN tunnel established with the given VPN peer is assumed to be disconnected or unavailable if the corresponding BGP peer is unreachable.
HA enforces the primary Internet connection as the path for each high priority BGP peer and its associated VPN peer by inserting static routes towards the primary Internet connection. This ensures continuous status monitoring of high priority BGP peers.
Use the following command to configure a remote peer:
add bgp remote-peer <value ip_address> vpn-peer <value ip_address> priority <normal | high> [gateway <value> password <value>]
Use the following command to delete a remote peer:
delete bgp remote-peer <value ip_address>
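The BGP-external fail-over behaviour and the remote-peer syntax described above, as an added example (not code from the Nokia manual): it parses add bgp remote-peer lines and reports the time spans in which traffic would have left through the DMZ in plain text. The function names, sample addresses and reachability timeline are constructed, and it assumes fail-over occurs when no high priority BGP peer is reachable, the inverse of the fall-back condition stated above.

```python
from collections import namedtuple

RemotePeer = namedtuple("RemotePeer", "bgp_ip vpn_ip priority")

def parse_remote_peers(config_text):
    """Parse 'add bgp remote-peer' lines in the syntax this page shows."""
    peers = []
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:3] != ["add", "bgp", "remote-peer"]:
            continue
        if (len(tok) < 8 or tok[4] != "vpn-peer" or tok[6] != "priority"
                or tok[7] not in ("normal", "high")):
            # The line is not echoed: it may carry the optional password.
            raise ValueError("malformed remote-peer line")
        peers.append(RemotePeer(tok[3], tok[5], tok[7]))
    return peers

def select_path(peers, reachable):
    """BGP-external mode: 'primary' (tunneled) or 'dmz' (plain text)."""
    high = [p.bgp_ip for p in peers if p.priority == "high"]
    if not high:
        raise ValueError("no high priority BGP peer configured")
    # Assumption: fail-over happens once no high priority peer is reachable.
    return "primary" if any(ip in reachable for ip in high) else "dmz"

def plaintext_windows(peers, samples):
    """Return (start, end) spans during which traffic left via the DMZ."""
    windows, start = [], None
    for ts, reachable in samples:
        path = select_path(peers, reachable)
        if path == "dmz" and start is None:
            start = ts
        elif path == "primary" and start is not None:
            windows.append((start, ts))
            start = None
    if start is not None:
        windows.append((start, None))  # still on the DMZ at the last sample
    return windows

# Constructed sample data (documentation address ranges), not from the manual.
CONFIG = """\
add bgp remote-peer 192.0.2.1 vpn-peer 198.51.100.1 priority high
add bgp remote-peer 192.0.2.2 vpn-peer 198.51.100.2 priority high gateway 203.0.113.1 password EXAMPLE
add bgp remote-peer 192.0.2.3 vpn-peer 198.51.100.3 priority normal
"""
SAMPLES = [(0, {"192.0.2.1", "192.0.2.2"}), (10, {"192.0.2.2"}), (20, {"192.0.2.3"}),
           (30, set()), (40, {"192.0.2.1"}), (50, set())]
if __name__ == "__main__":
    print(plaintext_windows(parse_remote_peers(CONFIG), SAMPLES))
```

A reachable normal priority peer alone (t=20 in the sample) does not keep traffic on the tunneled primary path, so monitoring only "any BGP peer up" would miss that plain-text window.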
Nokia IP40 Security Platform User's Guide v1.1
