Hi Group,
I am testing GET vpn with redundant KS, with single CA. My primary KS is
also CA for the GET VPN. I am thinking if my primary KS down the CA will
also be down if any certificate expires while the CA is down the the
secondary KS will be of no use because client will not be able to
authenticate through the certificates. So the best practice would be having
redundant CA as well.
I didn't see any working example configuration of redundant CA in GET VPN
literature. I would appreciate if someone provide any example configuration
of the redundant CA our point to any reference documents.
-- Best Regards, Mohammed Shoeb Ahmed Sr. Consultant, Blogs and organic groups at http://www.ccie.netReceived on Sat Jan 09 2010 - 18:47:04 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 20:28:41 ART