Cisco Cisco IOS Software Release 12.2(14)S
2
Release Notes for Cisco 7000 Family for Cisco IOS Release 12.2(14)SU
OL-5458-01 B0
Introduction
Introduction
Cisco IOS Software Release 12.2(14)SU features Stateful Failover of IPSec security associations (SAs)
for site-to-site VPN (see
for site-to-site VPN (see
), storage of encrypted pre-shared keys in the configuration, Cisco 7200
NPE-G1 processor support, and VAM2 crypto card support (DES and 3DES only). Cisco IOS Software
Release 12.2(14)SU is based on Cisco IOS Release 12.2(11)YX, which supports Stateful Failover of
IPSec SAs for site-to-site VPNs, but not on Cisco 7200 routers with the NPE-G1 processor, and not on
VAM2 crypto cards.
Release 12.2(14)SU is based on Cisco IOS Release 12.2(11)YX, which supports Stateful Failover of
IPSec SAs for site-to-site VPNs, but not on Cisco 7200 routers with the NPE-G1 processor, and not on
VAM2 crypto cards.
shows a sample topology for site-to-site configuration of IPSec Stateful Failover with Generic
Routing Encapsulation (GRE), a tunnel interface not tied to specific “passenger” or “transport”
protocols.
protocols.
GRE supports multicast traffic, critical for V3PN applications.
Figure 1
Site-to-Site VPN Configuration
There are four possible configurations for the Cisco 7200 series routers using Cisco IOS
Release 12.2(14)SU:
Release 12.2(14)SU:
•
non-GRE High Availability (HA) with a virtual IP (VIP), or redundancy groups, on the outside and
a VIP on the inside (see
a VIP on the inside (see
)
•
non-GRE HA with only VIPs on the outside. The route to the outside is provided by Reverse Route
Injection (RRI) (see
Injection (RRI) (see
•
GRE HA, with VIPs on the outside and inside interfaces (see
)
•
GRE HA, with only a VIP on the outside, using RRI to inject routes (see
Remote Peer 1
Internet
Headquarters
(Private Network)
Remote Peer N
97371
Standby
Head-End
Router
Head-End
Router
VIP
(shared IP
address)
GRE Tunnel 1
GRE Tunnel N