No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FAQ-How to Configure IPSec in Hot Standby Networking?

Publication Date:  2019-01-24 Views:  311 Downloads:  0

Issue Description

How to configure IPSec in hot standby networking?

Solution

Hot standby has two modes: active/standby and load balancing. IPSec hot standby requires that uplink and downlink service interfaces must be Layer 3 interfaces.
 Hot standby in active/standby mode
- When IPSec is used in hot standby networking, the hot standby configuration and IPSec configuration are the same as they run alone.
- An IPSec policy needs to be configured and applied to an interface only on one device. The configuration is automatically backed up to the other device.
- If the device serves as the initiator of an IPSec tunnel, you must run the local-address ip-address command to specify the virtual VRRP IP address as the IP address for initiating IPSec negotiation.
 Hot standby in load balancing mode
- In IPSec hot standby load balancing mode, you need to configure the policy status when applying the IPSec policy. An IPSec policy has three states: alone (no backup), master, and slave.
- An IPSec policy needs to be configured and applied to an interface only on the active device. The configuration is automatically backed up to the standby device.
- When IKEv2 is used to negotiate an IPSec tunnel to assign an IP address to an EAP user, different address pools must be configured on the load balancing devices. Otherwise, the same IP address may be allocated, causing a conflict.

END