HA for IPsec L2L VPNs

Unanswered Question
Apr 27th, 2007

Hi Guys,

I?m willing to configure HA for IPSec L2L VPN tunnel on routers 2800 running IOS version 12.4(3a).

I had two identical routers and planning to configure HSRP for HA, I already had multiple VPN tunnels terminated on the outside interface and once I enabled the HSRP on that interface all the VPN sessions terminated and I noticed that the source interface for the VPN session became the actual IP address of the interface NOT the HSRP IP.

Any helpful comments will be high appreciated..

Regards,

Belal

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
dominic.caron Sun, 04/29/2007 - 17:21

Hi

It's should work. You can still configure a static source in your cryptomap statement but that would only be a workaround. Can you post your crypto config and the config of your interfaces, I'll have a look.

balsheikh Sun, 04/29/2007 - 22:57

Hello,

I found some thing interesting regarding the same subject, to have the setup work normally u have to run Routing protocol to enable the RRI in case the primary link fall down.

I'll keep u with the config for the standby router, Have Fun :)

Kindly find out the attached..

Regards,

Attachment: 
dominic.caron Mon, 04/30/2007 - 17:00

Hi, In your config, you got this :

standby name HSRP-VPN

standby 4 ip 192.168.6.12

crypto map MY-vpn redundancy HSRP-VPN stateful

There a error there...it should be

standby 4 name HSRP-VPN

balsheikh Tue, 05/01/2007 - 07:10

Hello,

YES, you are absolutely right..

I'm now working to simulate the setup in lab environment, let's c whats coming up with me and i'll update u accordingly.

Many thx,

Belal

Actions

This Discussion