VRRP

1. Redundant VPN Concentrators are identified by group.

2. A single Master is chosen for the group.

3. One or more VPN Concentrators can be Backups of the group's Master.

4. The Master communicates its state to the Backup devices.

5. If the Master fails to communicate its status, VRRP tries each Backup in order of precedence. The responding Backup assumes the role of Master.

   Note: VRRP enables redundancy for tunnel connections only. Therefore, if a VRRP failover occurs, the backup only listens to tunnel protocols and traffic. Pinging the VPN Concentrator does not work. Participating VPN Concentrators must have identical configurations. The virtual addresses configured for VRRP must match those configured on the interface addresses of the Master.

Configure VRRP

VRRP is configured on the public and private interfaces in this configuration. VRRP applies only to configurations where two or more VPN Concentrators operate in parallel. All participating VPN Concentrators have identical user, group, and LAN-to-LAN settings. If the Master fails, the Backup begins to service traffic formerly handled by the Master. This switchover occurs in 3 to 10 seconds. While IPsec and Point-to-Point Tunnel Protocol (PPTP) client connections are disconnected during this transition, users need only to reconnect without changing the destination address of their connection profile. In a LAN-to-LAN connection, switchover is seamless.

This procedure shows how to implement this sample configuration.

On the Master and Backup systems:

1. Select Configuration > System > IP Routing > Redundancy. Change only these parameters. Leave all other parameters in their default state:

   1. Enter a password (maximum of 8 characters) in the Group Password field.

   2. Enter the IP addresses in the Group Shared Addresses (1 Private) of Master and all Backup systems. For this example, the address is 10.10.10.1.

   3. Enter the IP addresses in the Group Shared Addresses (2 Public) of Master and all Backup systems. For this example, the address is 63.67.72.155.

2. Go back to the Configuration > System > IP Routing > Redundancy windows on all units and check Enable VRRP.

   Note: If you configured Load Balancing between the two VPN Concentrators before and you are configuring VRRP on them, make sure you take care of the IP address pool configuration. If you use the same IP pool as before, you need to change them. This is necessary because the traffic from one IP pool in a Load Balancing scenario is directed to only one of the VPN Concentrators.

Sent from my iPad