I will be using ASRs, route based VPNs with VTIs.
Mike On Thu, Feb 8, 2018 at 6:13 PM, Jeff Orr <jeffb...@gmail.com> wrote: > We use HA VPN (HSRP) for our IPSEC based business partners. It has worked > well for years, but I’m only partly happy. > > We have built our data centers to be as independent as possibly. Minimal > OTV, routed mainframe, separate internal and external up space. However, > with HA VPN, I have to have L2 stretch & advertise the specific/24 out if > both DCs. > > The main benefit is our partners only setup one tunnel and neither side > has to work about DR. Internally we use RRI into our IGP to steer traffic > to the proper router. > > On Thu, Feb 8, 2018 at 5:34 PM harbor235 <harbor...@gmail.com> wrote: > >> I am looking to implement a highly available IPSEC route based VPN. >> Traditionally I would bring up multiple tunnels with multiple BGP peers in >> a dual router setup. >> >> IPSEC HSRP design appears to be the flavor of the day, failover times >> appear to be lengthy compared to failover times via BGP. IS anyone using >> the HSRP HA setup? Are your experiences good or bad? Has the BGP route >> based IPSEC VPN design fallen from grace? >> >> >> Mike >> _______________________________________________ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/