HA for IPsec L2L VPNs

Unanswered Question
Apr 27th, 2007

Hi Guys,


I?m willing to configure HA for IPSec L2L VPN tunnel on routers 2800 running IOS version 12.4(3a).


I had two identical routers and planning to configure HSRP for HA, I already had multiple VPN tunnels terminated on the outside interface and once I enabled the HSRP on that interface all the VPN sessions terminated and I noticed that the source interface for the VPN session became the actual IP address of the interface NOT the HSRP IP.


Any helpful comments will be high appreciated..


Regards,

Belal

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
dominic.caron Sun, 04/29/2007 - 17:21

Hi


It's should work. You can still configure a static source in your cryptomap statement but that would only be a workaround. Can you post your crypto config and the config of your interfaces, I'll have a look.



balsheikh Sun, 04/29/2007 - 22:57

Hello,


I found some thing interesting regarding the same subject, to have the setup work normally u have to run Routing protocol to enable the RRI in case the primary link fall down.


I'll keep u with the config for the standby router, Have Fun :)


Kindly find out the attached..

Regards,



Attachment: 
dominic.caron Mon, 04/30/2007 - 17:00

Hi, In your config, you got this :


standby name HSRP-VPN

standby 4 ip 192.168.6.12

crypto map MY-vpn redundancy HSRP-VPN stateful


There a error there...it should be

standby 4 name HSRP-VPN

balsheikh Tue, 05/01/2007 - 07:10

Hello,


YES, you are absolutely right..


I'm now working to simulate the setup in lab environment, let's c whats coming up with me and i'll update u accordingly.


Many thx,

Belal

Actions

This Discussion