IPSec and redundancy is hard.  The usual recommendation is to use GRE
tunnels over IPSec, since the tunnels provide a logical interface over which
you can run a routing protocol that will provide the redundancy.

With plain old IPSec, you use access-lists to specify which traffic goes to
which peer, and you can't overlap any of your crypto access-lists (those
referenced in a "match address" command in a crypto map).  This precludes
the possibility of doing redundancy this way.

That being said, you don't want to terminate 150 peers in your 7513,
especially if you want that router to do anything else.  With this scale of
VPN network, you should have a dedicated VPN concentrator.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9441&t=9225
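
Added example (not part of the original post): a small Python audit that flags crypto map entries whose "match address" access-lists overlap, the situation the post describes as not allowed with plain IPSec. The config text, the map name VPN and all addresses are constructed for illustration, and only "permit ip" lines with contiguous wildcards are parsed.

```python
import ipaddress
import re
from itertools import combinations, product

# Constructed sample config (documentation addresses), not from the original post.
CONFIG = """\
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 match address 101
crypto map VPN 20 ipsec-isakmp
 set peer 192.0.2.2
 match address 102
crypto map VPN 30 ipsec-isakmp
 set peer 192.0.2.3
 match address 103
access-list 101 permit ip 10.1.0.0 0.0.255.255 10.20.0.0 0.0.255.255
access-list 102 permit ip 10.1.0.0 0.0.255.255 10.20.5.0 0.0.0.255
access-list 103 permit ip 10.1.0.0 0.0.255.255 10.30.0.0 0.0.255.255
"""

def _take_net(tokens):
    first = tokens.pop(0)  # one address spec: any | host A | A WILDCARD
    if first in ("any", "host"):
        return ipaddress.ip_network("0.0.0.0/0" if first == "any" else tokens.pop(0) + "/32")
    # Invert the wildcard into a netmask; non-contiguous wildcards raise ValueError.
    mask = ipaddress.ip_address(int(ipaddress.ip_address(tokens.pop(0))) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def parse(config):
    entries, acls = [], {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            entries.append({"map": m[1], "seq": int(m[2]), "acl": None})
        elif line.startswith("match address ") and entries:
            entries[-1]["acl"] = line.split()[2]
        elif m := re.match(r"access-list (\d+) permit ip (.+)", line):
            tokens = m[2].split()
            acls.setdefault(m[1], []).append((_take_net(tokens), _take_net(tokens)))
    return entries, acls

def overlapping_entries(config):
    """Sequence-number pairs within one crypto map whose crypto ACLs overlap."""
    entries, acls = parse(config)
    hits = set()
    for a, b in combinations(entries, 2):
        pairs = product(acls.get(a["acl"], []), acls.get(b["acl"], []))
        if a["map"] == b["map"] and any(
                s1.overlaps(s2) and d1.overlaps(d2) for (s1, d1), (s2, d2) in pairs):
            hits.add((a["seq"], b["seq"]))
    return sorted(hits)
```

On the sample, entries 10 and 20 are reported because access-list 102's destination (10.20.5.0/24) falls inside access-list 101's (10.20.0.0/16); entry 30 is clean.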