Table of Contents
Advertisement
8
IP Routing
Configuration | System | IP Routing | Redundancy
This screen lets you configure parameters for Virtual Router Redundancy Protocol (VRRP), which
manages automatic switchover from one VPN Concentrator to another in a redundant installation.
Automatic switchover provides user access to the VPN even if one VPN Concentrator is out of service
for some reason; e.g., system crash, power failure, hardware failure, physical interface failure, system
shutdown or reboot.
These functions apply only to installations where two or more VPN Concentrators are in parallel, with
the Public interfaces of all systems on a common LAN and with the Private and/or External interfaces
of all systems on different common LANs. One VPN Concentrator is the Master system, and the others
are Backup systems. A Backup system acts as a virtual Master system when a switchover occurs.
VRRP works only on LAN (Ethernet) interfaces, not on WAN interfaces.
This feature supports user access via IPSec LAN-to-LAN connections, IPSec client (single-user
remote-access) connections, and PPTP client connections.
• For IPSec LAN-to-LAN connections, switchover is fully automatic. Users need do nothing.
• For single-user IPSec and PPTP connections, users are disconnected from the failing system but they
can reconnect without changing any connection parameters.
Switchover typically occurs within 3 to 10 seconds.
Notes:
Before configuring or enabling VRRP on this screen, you must configure all Ethernet interfaces that
apply to your installation, on all redundant VPN Concentrators. See the Configuration | Interfaces screens.
You must also configure identical IPSec LAN-to-LAN parameters on the redundant VPN Concentrators.
See the Configuration | System | Tunneling Protocols | IPSec LAN-to-LAN screens.
Figure 8-9: Configuration | System | IP Routing | Redundancy screen
8-12
VPN 3000 Concentrator Series User Guide
Hide quick links:
Advertisement
Table of Contents
