I have two redundant J series routers terminating the internet connection. On the other side of both routers, I have a SA4500 providing SSL VPN service. Now how would I configure redundancy between these 3 devices in a way that if one J series router is down, ssl traffic is processed through other J series. I have tried configuring VRRP between J series and SA 4500 but traffic slows down drastically even with one devices set to primary and the sec device no preempt. I have to define one IP address on the SA for all the outgoing traffic.
I would appreciate any suggestions,
I dont think you need any extra configs on the SA4500 to handle a failover situation on the J-series routers.
As long as the the user requests can hit the SA device it will continue to function seemlessly without having any info about the upstream routers.
You may need to post this query in the router forums to confirm if you need any extra configs on the router for the failover to occur between them.
you see I have to define a default gateway on the SA for the traffic to go out and because I have a pair of J series acting as the exit point for the SA, I have to have a single IP( VRRP Virtual IP). OR my question:
Should I define multiple default gateways with different metrics or preference.
The VRRP virtual IP should work fine as I am forcing one of the J series to be master and other one is not preempting. But for some reason it is slowing down the connection to an unacceptable limit. I will take your suggestion and post this in the routing section.
Thanks for your help,