FlexVPN Redundancy Tidbit

I want to cover the most commonly used FlexVPN redundancy designs, since I intend to build out a few scenarios to play with for studying purposes. The most common designs are:

  • Dual cloud approach, where a spoke has two separate tunnels active to both hubs at all times.

  • Failover approach, where a spoke has an active tunnel with one hub at any given point in time.

Each has its own pros and cons. In the dual cloud approach, you get the advantage of quicker recovery during a failure, with the recovery time typically dependent upon routing protocol timers. You also have more options for distributing traffic, since the tunnels to both hubs are up at the same time. A downside of the dual cloud approach is that, because every spoke keeps a session active on each hub, the hubs consume more resources.

With the failover approach, you no longer need to rely on a routing protocol, and the configuration is much simpler because the failover logic is built into FlexVPN. An issue with this approach is that recovery is slower than with the dual cloud approach, since detecting a failed hub depends on DPD (dead peer detection) or object tracking. Lastly, another con is that all traffic traverses a single hub.
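As an added illustration (not configuration from the original post), here is a minimal spoke-side snippet for the failover approach: an ordered IKEv2 client peer list, periodic DPD to notice a dead hub, and an object track bound to the primary peer so a reachability failure also moves the spoke to the backup. The hub addresses 203.0.113.1 and 203.0.113.2, the tracked target, and the names HUB_FAILOVER and FLEX_IPSEC are assumptions; the IKEv2 proposal, policy, keyring/profile and the IPsec profile that Tunnel0 references are assumed to be configured elsewhere.

```cisco
! Spoke-side FlexVPN client for the failover design (added example, assumed values).
! Hubs 203.0.113.1 (primary) and 203.0.113.2 (backup) are placeholders.

! Periodic DPD: probe the peer every 10 s, retry every 2 s before declaring it dead.
crypto ikev2 dpd 10 2 periodic
!
! Object tracking: ping the primary hub and expose the result as track 1.
ip sla 1
 icmp-echo 203.0.113.1
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Ordered peer list; peer 1 is only eligible while track 1 is up.
crypto ikev2 client flexvpn HUB_FAILOVER
 peer 1 203.0.113.1 track 1 up
 peer 2 203.0.113.2
 peer reactivate
 client connect Tunnel0
!
! Single tunnel whose destination is chosen by the FlexVPN client logic.
interface Tunnel0
 ip address negotiated
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination dynamic
 tunnel protection ipsec profile FLEX_IPSEC
```

With `peer reactivate`, the spoke returns to the higher-priority peer once track 1 comes back up; without it, the spoke stays on the backup hub until that session fails. The detection floor of this design is set by the DPD interval and retries (and by the IP SLA frequency for the tracked peer), which is the slower-recovery trade-off described above. The dual cloud approach would instead use two tunnel interfaces with static destinations and a routing protocol over both.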

To see these designs in action see more FlexVPN posts. Cheers!



© 2023 by Train of Thoughts. Proudly created with Wix.com