High-Availability VPNs
Four typical types of failures that affect a VPN, and ways to mitigate them,
are as follows:
■ Failure of an access link—Use multiple links to mitigate an access
link failure.
■ Failure of a remote IPsec peer—Use multiple peers to mitigate a
remote peer failure.
■ Failure of a VPN device—Use multiple devices in critical locations to
mitigate a device failure.
■ Failure someplace along the Internet path—Provide multiple independent
paths to mitigate a path failure.
Routers can use a routing protocol or IPsec’s Dead Peer Detection (DPD) to
detect a failure across a VPN. Hot Standby Routing Protocol (HSRP),
Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing
Protocol (GLBP) can detect local failures.