High Availabilty for VPNs
IPSec prevents many of the clever tricks high-availability products employ. We’ll show you a solution that provides transparent backup for IPSec connections.
System administrators often want a network connection system that switches transparently to a backup if the primary connection goes down. But if you use a VPN with IPsec to protect your traffic en route through the Internet, the backup line needs some special attention. The reason for this attention is that IPsec   requires consistent IP addresses at the endpoints of a tunnel, so when the network switches to a different tunnel, the IP addresses must switch to the new endpoints or else existing connections will be terminated. The Border Gateway Protocol (BGP ) offers a reliable means of maintaining a highly-available pool of IP addresses with a number of providers. Unfortunately, provider service agreements often prevent admins from using BGP for an existing Internet connection.