On 2/29/08, Erich Titl <erich.titl@...> wrote:
> Hi Josh
> josh wrote:
> > Hi.
> > We thought about using a VIP on the front end served up via CARP, then
> > running ripng on the back end for announcing the routes into the Cisco
> > environment, but I am open to suggestions.
> > Another option is to just split the clients, pointing half at one T1000
> > and the other half at another, but then the problem is if you lose one
> > of them, you have to either assign a secondary IP to the "live" and make
> > manual route changes.
> > I know that you can use the "remote-random" feature to alternate between
> > several VPN servers, but that does not address the issue of determining
> > from the internal networks which T1000 one would use to get back to the
> > VPN client. (This is a site-to-site VPN scenario.)
> Why can't you just NAT the VPN traffic on the two endpoints?

I don't quite follow.

Currently the servers have the following configuration:

bge0: 216.x.x.x (internet facing)
bge1: 172.35.1.x (private facing)

Then behind the bge1 interface there's a whole internal network setup
with multiple routes, etc.

So I would need to somehow tell the router behind bge1 which client
networks are connected to which T1000s.