Your DNS server should be able to provide an IP address of a living host. The Branch
Gateway will perform a new DNS query and try to re-establish the VPN connection to the
newly provided IP address whenever it senses that the currently active remote peer stops
responding. The Branch Gateway can sense that a peer is dead when IKE negotiation
times-out, through DPD keepalives, and through object tracking.
• Using the Branch Gateway’s peer-group entity (see
on
page 542):
- Define a peer-group. A peer-group is an ordered list of redundant remote peers, only
one of which is active at any time. When the active peer is considered dead, the next
peer in the list becomes the active remote peer.
- When configuring a crypto map, point to the peer-group instead of to a single peer
Failover using GRE
A branch with a Branch Gateway can connect to two or more VPN hub sites, in a way that will
provide either redundancy or load sharing.
In this topology, the Branch Gateway is connected through its 10/100 WAN Ethernet port to a
DSL modem.
• Define two GRE Tunnel interfaces:
- GRE1 that leads to a Primary Main Office GRE End Point behind the VPN Hub
Gateway
- GRE2 that leads to a Backup Main Office GRE End Point behind the VPN Hub
Gateway
• Define two VPNs
• Connectivity to the networks in Primary/Backup Main Office is determined through GRE
keepalives. If network connectivity is lost due to failures in the WAN, in the Primary Main
Office, the GRE keep-alive will fail and the GRE interface will transition to a “down”
state.
Redundancy and load sharing modes
The two GRE tunnels can then be used for branch to Primary/Backup Main Office in either
Redundancy or Load sharing mode:
Redundancy:
GRE2 is configured as a backup interface for GRE1, and is activated only when
GRE1 is down
Load sharing:
Both Tunnel interfaces are active. Routing protocols (RIP or OSPF) route traffic
to destinations based on route cost and availability, as follows:
IPSec VPN
530 Administering Avaya G430 Branch Gateway
October 2013
Summary of Contents for G430
Page 1: ...Administering Avaya G430 Branch Gateway Release 6 3 03 603228 Issue 5 October 2013 ...
Page 12: ...12 Administering Avaya G430 Branch Gateway October 2013 ...
Page 246: ...VoIP QoS 246 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...
Page 556: ...IPSec VPN 556 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...