About backup servers – Cisco VPN 3002 User Manual
Page 64
6-4
VPN 3002 Hardware Client Reference
OL-1893-01
Chapter 6 Tunneling
Configuration | System | Tunneling Protocols | IPSec
Note
If you are using hostnames, it is wise to have backup DNS and WINS servers on a separate network
from that of the primary DNS and WINS servers. Otherwise, if clients behind the VPN 3002 obtain
DNS and WINS information from the VPN 3002 through DHCP, and the connection to the primary
server is lost, and the backup servers have different DNS and WINS information, clients cannot be
updated until the DHCP lease expires.
About Backup Servers
IPSec backup servers let a VPN 3002 connect to the central site when its primary central-site VPN
Concentrator is unavailable. You configure backup servers for a VPN 3002 either on the VPN 3002, or
on a group basis at the central-site VPN Concentrator. If you configure backup servers on the primary
central-site VPN Concentrator, that VPN Concentrator pushes the backup server policy to the VPN 3002
hardware clients in the group. By default, the policy is to use the backup server list configured on the
VPN 3002. Alternatively, the VPN Concentrator can push a policy that supplies a list of backup servers
in order of priority, replacing the backup server list on the VPN 3002 if one is configured. It can also
disable the feature and clear the backup server list on the VPN 3002 if one is configured.
illustrates how the backup server feature works.
Figure 6-3
Backup Server Implementation
XYZ corporation has large sites in three cities: San Jose, California; Austin, Texas; and Boston,
Massachusetts. They just opened a regional sales office in Fargo, North Dakota. To provide access to the
corporate network from Fargo, they use a VPN 3002 that connects to a VPN 3080 in San Jose (1). If the
VPN 3002 is unable to contact the corporate network, Fargo cannot place orders. The IPSec backup
server feature lets the VPN 3002 connect to one of several sites, in this case using Austin (2) and Boston
(3) as backup servers, in that order.
San Jose
VPN 3080
Concentrator
Austin
VPN 3000
Concentrator
Fargo
VPN 3002
Hardware Client
Boston
VPN 3000
Concentrator
68158
1
2
3