Cisco Cisco IOS Software Releases 12.2 MC Libro bianco
IPSec Stateful Failover (VPN High Availability)
Supported Platforms
6
Cisco IOS Release 12.2(11)YX, 12.2(11)YX1, 12.2(14)SU, 12.2(14)SU1, and 12.2(14)SU2
Restrictions
•
Does not support failover of IKECFG attributes.
•
Does not support IKE XAUTH states.
•
Supports just a single VAM/VAM2 card in each active/standby router.
•
Requires identical security policy configurations on both active and standby routers.
•
Requires that IKE keepalives must not be used; enabling this feature will cause the connection to be
torn down after the standby router assumes ownership control.
torn down after the standby router assumes ownership control.
•
Supports keepalives only with dead peer detection (DPD).
•
Requires that priority values are equal on both active and standby routers for IP redundancy.
•
IPSec MIB statistics could be erroneous on the standby router after a failover.
•
Requires that active and standby routers be connected to an Ethernet interface.
•
Does not support Cisco VPN Client 3.X client.
•
Does not support PKI certificates.
Related Features and Technologies
•
Internet Key Exchange (IKE)
•
IP Security (IPSec)
•
Reverse Route Injection (RRI)
•
Hot Standby Router Protocol (HSRP)
•
State Synchronization Protocol (SSP)
Related Documents
Supported Platforms
•
Cisco 7200 series