Filter
Top Products
32-12
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 32 Managing Remote Access VPNs on IOS and PIX 6.3 Devices
Configuring High Availability in Remote Access VPNs (IOS)
Table 32-4 High Availability Page, Remote Access VPNs
Element Description
Inside Virtual IP The IP address that is shared by the devices in the HA group and that
represents the inside interface of the HA group. The virtual IP address
must be on the same subnet as the inside interfaces of the devices in the
HA group, but must not be identical to the IP address of any of these
interfaces.
You must provide an inside virtual IP that matches the subnet of one of
the interfaces on the device, in addition to a VPN virtual IP that
matches the subnet of one of the device’s interfaces and is configured
with an IPsec proposal.
Note If there is an existing standby group on the device, make sure
that the IP address you provide is different from the virtual IP
address already configured on the device.
Inside Mask The subnet mask for the inside virtual IP address.
VPN Virtual IP The IP address that is shared by the devices in the HA group and
represents the VPN interface of the HA group. This IP address serves
as the endpoint of the VPN tunnel.
Note If there is an existing standby group on the device, make sure
that the IP address you provide is different from the virtual IP
address already configured on the device.
VPN Mask The subnet mask for the VPN virtual IP address.
Hello Interval The duration in seconds (within the range of 1-254) between each hello
message sent by a device to the other devices in the group to indicate
status and priority. The default is 5 seconds.
Hold Time The duration in seconds (within the range of 2-255) that a standby
device will wait to receive a hello message from the active device
before concluding that the device is down. The default is 15 seconds.
Standby Group Number
(Inside)
The standby number of the inside device interface that matches the
internal virtual IP subnet for the devices in the HA group. The number
must be within the range of 0-255. The default is 1.
Standby Group Number
(Outside)
The standby number of the outside device interface that matches the
external virtual IP subnet for the devices in the HA group. The number
must be within the range of 0-255. The default is 2.
Note The outside standby group number must be different to the
inside standby group number.
Failover Server The IP address or network/host policy object that identifies the inside
interface of the remote peer failover servers. Enter the IP address or
network/host object name, or click Select to select an object or to create
a new object.
Enable Stateful Failover Enables SSO for stateful failover. This option is always selected and
you cannot deselect it for remote access VPNs.