Cisco Cisco IOS Software Releases 12.2 MC Livre blanc
IPSec Stateful Failover (VPN High Availability)
Feature Overview
5
Cisco IOS Release 12.2(11)YX, 12.2(11)YX1, 12.2(14)SU, 12.2(14)SU1, and 12.2(14)SU2
Figure 5
GRE HA with Only a VIP on the Outside, Using RRI to Inject Routes
Feature Summary
provides a summary of features, by Cisco IOS software release.
Benefits
•
IPSec VPN tunnels assigned to an active router will automatically be transitioned to a standby router
upon any active router failure. Any transition from an active router to a standby router is transparent
to peers, and requires no remote peer adjustment or reconfiguration.
upon any active router failure. Any transition from an active router to a standby router is transparent
to peers, and requires no remote peer adjustment or reconfiguration.
•
Businesses employing IPSec Stateful Failover (VPN High Availability) are 100% redundant with
regard to IPSec VPN traffic.
regard to IPSec VPN traffic.
•
Utilizing IPSec Stateful Failover (VPN High Availability) does not appreciably affect overall router
performance.
performance.
•
Generic routing encapsulation (GRE) supports multicast traffic, critical for V3PN applications.
114416
Reverse Route Injection (RRI) is configured
on the head-end router when the tunnel is forming.
RRI injects static routes to the remote network.
Head-End
A
S
Remote
LAN
Peer
Private LAN
Peer
GRE Tunnel
GRE Tunnel
Internet
Outside
VIP
Table 1
Feature List Comparison
Feature
12.2(11)YX
12.2(11)YX1
12.2(14)SU
12.2(14)SU1 12.2(14)SU2
GRE + IPSec Stateful Failover
No
Yes
Yes
Yes
Yes
Encrypted Pre-Shared Keys
No
No
Yes
Yes
Yes
AES support
No
No
Only for
pre-shared
keys
pre-shared
keys
Only for
pre-shared
keys
pre-shared
keys
Only for
pre-shared
keys
pre-shared
keys
G1 processor
No
No
Yes
Yes
Yes
VAM
Yes
Yes
Yes
Yes
Yes
VAM2
No
No
Yes
Yes
Yes