Cisco Cisco IOS Software Release 12.2(14)S
2
Release Notes for Cisco 7000 Family for Cisco IOS Release 12.2(14)SU2
OL-6724-01 B0
Introduction
Introduction
Cisco IOS Software Release 12.2(14)SU2 features Stateful Failover of IPSec security associations (SAs)
for site-to-site VPN (see
for site-to-site VPN (see
), storage of encrypted pre-shared keys in the configuration, Cisco 7200
NPE-G1 processor support, and VAM2 crypto card support (DES and 3DES only). Cisco IOS Software
Release 12.2(14)SU2 is based on Cisco IOS Release 12.2(14)SU.
Release 12.2(14)SU2 is based on Cisco IOS Release 12.2(14)SU.
shows a sample topology for site-to-site configuration of IPSec Stateful Failover with Generic
Routing Encapsulation (GRE), a tunnel interface not tied to specific “passenger” or “transport”
protocols.
protocols.
GRE supports multicast traffic, critical for V3PN applications.
Figure 1
Site-to-Site VPN Configuration
There are four possible configurations for the Cisco 7200 series routers using Cisco IOS
Release 12.2(14)SU2:
Release 12.2(14)SU2:
•
non-GRE High Availability (HA) with a virtual IP (VIP), or redundancy groups, on the outside and
a VIP on the inside (see
a VIP on the inside (see
)
•
non-GRE HA with only VIPs on the outside. The route to the outside is provided by Reverse Route
Injection (RRI) (see
Injection (RRI) (see
•
GRE HA, with VIPs on the outside and inside interfaces (see
)
•
GRE HA, with only a VIP on the outside, using RRI to inject routes (see
Remote Peer 1
Internet
Headquarters
(Private Network)
Remote Peer N
97371
Standby
Head-End
Router
Head-End
Router
VIP
(shared IP
address)
GRE Tunnel 1
GRE Tunnel N