Re: redundancy
Matt Field wrote:
> Hi,
>
> Can anyone illustrate if and how ipsec could handle multiple ipsec
> gateways to a single network. I have come across the following
> scenario:
>
> ----------------------------------------- Network 1
>                   |
>                   | D
>             --------------
>             |            |
>             |            |
>             A            B
>             |            |
>             |            |
>              \          /
>               \        /
>                \      /
>                   C
>                   |
> ----------------------------------------- Network 2
>
> Network 1 has D which is a Front End Processor (FEP) that performs some
> kind of load balancing that may route packets either through ipsec
> gateways A or B. C is an ipsec gateway on a remote network. The
> problem is, if tunnels are created between gateways A-C and B-C, then
> when C receives a packet from Network 2 for network 1, how does it
> determine which SA to use since the destination address is behind both
> gateways?
>
> My guess is that this is an implementation detail and outside the scope
> of IPSEC but any thoughts on this would be useful.
A good solution would be to add one more load balancer on the other end of A and B
too.
When you are using this type of solution, unless the load balancers
talk to each other, you can have only IP address based IPSEC policies.
>
>
> regards,
>
> Matt Field
Regards
Srini
References:
- redundancy
- From: Matt Field <MFIELD@securenet.com.au>