Using an IPsec Tunnel as a Backup WAN Link
You can configure an IPsec VPN tunnel over the Internet as a backup to your
primary WAN link. Switchover can use either an IGP or HSRP. Ensure that
the primary WAN link is used when it is available by either adjusting the
routing protocol metric or using floating static routes.
Cisco Easy VPN
Easy VPN allows a server to push down VPN configuration to a client. It is a
way to create site-to-site VPNs without manually configuring each remote
router. Therefore, it is good for remote sites without technical support. It can
also be used with software clients for remote users.
Cisco Easy VPN dynamically handles the following items:
■ Negotiating VPN tunnel parameters
■ Establishing the VPN tunnel based on those parameters
■ NAT, PAT, or ACL configuration
■ User authentication
■ Managing encryption and decryption keys
■ Authenticating, encrypting, and decrypting traffic
Cisco Easy VPN has two components: a server and a remote client. The
Easy VPN Server can be a Cisco router, PIX firewall, or Cisco VPN concentrator.
It contains security policies and pushes those to remote clients. The
Easy VPN Remote can be a Cisco router, PIX or ASA firewall, or a hardware
client or a software client. It contacts the server and receives policies from it
to establish the tunnel.