Minor comment - protocol 50 and 51, not port ... Also - worth noting, using TCP for remote client VPN's is useful as well ... like 443 since it will be permitted out from just about everywhere!
Thanks! TJ [EMAIL PROTECTED] -----Original Message----- From: Elijah Savage III [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 4:18 PM To: [EMAIL PROTECTED] Subject: RE: VPN Concetrator #3030 [7:58982] I have just finished a project like this. You can only do one or the other you can't do redundant and load balancing all at once on the 3030. If you want to be redundant where if one concentrator fails secondary comes online and accepts request for it then you need to look into VRRP so easy to do on the concentrator. If you want to do load balancing then you will need to go to configuration, system, load balancing page on the concentrator and set those options real easy also but Cisco has tons of docs on CCO explaining it if you are not familiar. Now in load balancing mode it is sort of redundant, because what happens; based on cpu usage of your concentrators you have a master and slave the master will send a redirect to the client and tells the client which concentrator to connect to and if one fails then the other accepts all the connections so what you have is if 100 connections are on the master and the slave only has 50 connections more than likely the next connection to come in will go to the slave. There is a myth that it round robins the connections that is NOT true. There are also a few gotchas with this and arp and such like if you are going to be giving out different ip address for your dial in users than what subnet the concentrator is on then you will have to route traffic from your internal network to the interface of the concentrator because it does not answer arps for those clients, (hope I did not confuse you with that last statement). If you are going to put the concentrator behind a firewall make sure you pass all appropriate vpn traffic without filtering, such as port 50 port 51 port 500 to the concentrator. That should get you started in the right direction if you have any more DIRECT questions please let us know and we will try to help you out, if I missed anything I am sure someone else on the group will pick it up. -----Original Message----- From: neil K. [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 12:16 PM To: [EMAIL PROTECTED] Subject: VPN Concetrator #3030 [7:58982] Hi All, Few questions regarding the VPN Concentrator 1. what do I do for Redundancy, ( VPN Redundant Bundle) 2. Load balancing 3. Where to put the Concentrator ( prefer putting the VPN Concetrator behind Firewall).What are issues I will have to consider if I put the concentrator behind Firewall. Thanks, Sunil ****************************************************************************** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ****************************************************************************** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59022&t=58982 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
