I will be using ASRs, route based VPNs with VTIs.
On Thu, Feb 8, 2018 at 6:13 PM, Jeff Orr <jeffb...@gmail.com> wrote:
> We use HA VPN (HSRP) for our IPSEC based business partners. It has worked
> well for years, but I’m only partly happy.
> We have built our data centers to be as independent as possibly. Minimal
> OTV, routed mainframe, separate internal and external up space. However,
> with HA VPN, I have to have L2 stretch & advertise the specific/24 out if
> both DCs.
> The main benefit is our partners only setup one tunnel and neither side
> has to work about DR. Internally we use RRI into our IGP to steer traffic
> to the proper router.
> On Thu, Feb 8, 2018 at 5:34 PM harbor235 <harbor...@gmail.com> wrote:
>> I am looking to implement a highly available IPSEC route based VPN.
>> Traditionally I would bring up multiple tunnels with multiple BGP peers in
>> a dual router setup.
>> IPSEC HSRP design appears to be the flavor of the day, failover times
>> appear to be lengthy compared to failover times via BGP. IS anyone using
>> the HSRP HA setup? Are your experiences good or bad? Has the BGP route
>> based IPSEC VPN design fallen from grace?
>> cisco-nsp mailing list firstname.lastname@example.org
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
cisco-nsp mailing list email@example.com
archive at http://puck.nether.net/pipermail/cisco-nsp/