This section applies to the 7750 SR, the 7450 ESS, and VSR.
Multi-Chassis IPsec redundancy (MC-IPsec) provides a 1:1 (active/standby) IPsec stateful failover mechanism between two chassis.
This feature provides protection against ISA failure and chassis failure.
MC-IPsec is supported for all types of IKEv2 tunnels, including static LAN-to-LAN, dynamic LAN-to-LAN and remote-access tunnels.
This feature is supported only on multi-active tunnel-groups.
The granularity of failover is per tunnel-group, which means a specific tunnel-group could failover to standby chassis independent of other tunnel-groups on the master chassis.
The components included in this feature are described in Table: MC-IPsec redundancy feature components.
| MC-IPsec redundancy feature component | Description |
|---|---|
|
Master election |
MIMP (MC-IPsec Mastership Protocol) runs between chassis to elect master, MIMP runs for each tunnel-group independently. |
|
Synchronization |
MCS (Multi-Chassis Synchronization) syncs IPsec states between chassis. |
|
Routing |
|