Ipsec stateful failover configuration example, Network requirements, Configuring secpath a – H3C Technologies H3C SecPath F1000-E User Manual


IPsec stateful failover configuration example

Network requirements

As shown in Figure 131, a network has two gateways, SecPath A and SecPath B, at the headquarters.

Configure an IPsec tunnel between the headquarters and the branch to ensure secure communication.

Configure IPsec stateful failover on the firewalls for high availability of the IPsec tunnel:

Deploy a physical link for IPsec service data backup between SecPath A and SecPath B.

On SecPath A and SecPath B, add the uplink interface to VRRP group 2 and the downlink interface
to VRRP group 1, and assign the virtual IP address 192.168.0.1/24 to VRRP group 2 and the virtual
IP address 10.1.1.1/2 to VRRP group 1.

Use SecPath A to establish an IPsec tunnel with Router when it works normally, and make sure that
IPsec traffic is switched to SecPath B when SecPath A fails.

Figure 131 Network diagram

Configuring SecPath A

Assign IPv4 addresses to the interfaces. Make sure that SecPath A, SecPath B, and Router have IP connectivity between them.

1.

Configure stateful failover:
