About backup servers – Cisco VPN 3002 User Manual


VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 6 Tunneling

Configuration | System | Tunneling Protocols | IPSec

Note

If you are using hostnames, it is wise to have backup DNS and WINS servers on a separate network
from that of the primary DNS and WINS servers. Otherwise, if clients behind the VPN 3002 obtain
DNS and WINS information from the VPN 3002 through DHCP, and the connection to the primary
server is lost, and the backup servers have different DNS and WINS information, clients cannot be
updated until the DHCP lease expires.

About Backup Servers

IPSec backup servers let a VPN 3002 connect to the central site when its primary central-site VPN
Concentrator is unavailable. You configure backup servers for a VPN 3002 either on the VPN 3002, or
on a group basis at the central-site VPN Concentrator. If you configure backup servers on the primary
central-site VPN Concentrator, that VPN Concentrator pushes the backup server policy to the VPN 3002
hardware clients in the group. By default, the policy is to use the backup server list configured on the
VPN 3002. Alternatively, the VPN Concentrator can push a policy that supplies a list of backup servers
in order of priority, replacing the backup server list on the VPN 3002 if one is configured. It can also
disable the feature and clear the backup server list on the VPN 3002 if one is configured.

Figure 6-3 illustrates how the backup server feature works.

Figure 6-3 Backup Server Implementation

XYZ corporation has large sites in three cities: San Jose, California; Austin, Texas; and Boston,
Massachusetts. They just opened a regional sales office in Fargo, North Dakota. To provide access to the
corporate network from Fargo, they use a VPN 3002 that connects to a VPN 3080 in San Jose (1). If the
VPN 3002 is unable to contact the corporate network, Fargo cannot place orders. The IPSec backup
server feature lets the VPN 3002 connect to one of several sites, in this case using Austin (2) and Boston
(3) as backup servers, in that order.

[Figure 6-3 diagram: the Fargo VPN 3002 Hardware Client connects to (1) the San Jose VPN 3080 Concentrator, (2) the Austin VPN 3000 Concentrator, and (3) the Boston VPN 3000 Concentrator.]
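The policy options and failover order described above can be modeled as follows. This is an added example, not Cisco code: the hostnames, function names and audit messages are hypothetical, and it assumes the primary is always tried first and that "unavailable" simply means unreachable.

```python
from enum import Enum

class PushedPolicy(Enum):
    USE_CLIENT_LIST = "use the list configured on the VPN 3002"  # default
    PUSH_LIST = "replace the client list with the pushed list"
    DISABLE = "disable the feature and clear the client list"

# Constructed sample data matching the XYZ scenario (hypothetical hostnames).
PRIMARY = "sanjose.example"
LOCAL = ["austin.example", "boston.example"]

def apply_policy(local_backups, policy, pushed=()):
    """Return the backup list the VPN 3002 holds after the group policy is applied."""
    if policy is PushedPolicy.USE_CLIENT_LIST:
        return list(local_backups)
    if policy is PushedPolicy.PUSH_LIST:
        return list(pushed)   # replaces any locally configured list
    if policy is PushedPolicy.DISABLE:
        return []             # feature off, local list cleared
    raise ValueError(f"unknown policy: {policy!r}")

def select_peer(primary, backups, reachable):
    """Try the primary, then each backup in priority order; None if all are down."""
    for peer in [primary, *backups]:
        if peer in reachable:
            return peer
    return None

def audit(primary, backups):
    """Flag effective lists that leave the remote site without real redundancy."""
    findings = []
    if not backups:
        findings.append("no backup servers: a primary outage disconnects the site")
    if primary in backups:
        findings.append("primary repeated in backup list adds no redundancy")
    if len(set(backups)) != len(backups):
        findings.append("duplicate backup entries")
    return findings

if __name__ == "__main__":
    up = {"boston.example"}  # constructed outage: San Jose and Austin are down
    for policy in PushedPolicy:
        effective = apply_policy(LOCAL, policy, pushed=["boston.example"])
        print(policy.name, effective, select_peer(PRIMARY, effective, up),
              audit(PRIMARY, effective))
```

Running it shows why a pushed "disable" policy deserves review before rollout: it leaves the Fargo client with no fallback even though a local list was configured.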
