HA for IPsec L2L VPNs

Apr 27th, 2007

Hi Guys,

I'm willing to configure HA for IPSec L2L VPN tunnel on routers 2800 running IOS version 12.4(3a).

I had two identical routers and am planning to configure HSRP for HA. I already had multiple VPN tunnels terminated on the outside interface, and once I enabled HSRP on that interface all the VPN sessions terminated and I noticed that the source interface for the VPN session became the actual IP address of the interface, NOT the HSRP IP.

Any helpful comments will be highly appreciated.



dominic.caron Sun, 04/29/2007 - 17:21


It should work. You can still configure a static source in your crypto map statement but that would only be a workaround. Can you post your crypto config and the config of your interfaces? I'll have a look.

balsheikh Sun, 04/29/2007 - 22:57


I found something interesting regarding the same subject: to have the setup work normally you have to run a routing protocol to enable the RRI in case the primary link falls down.

I'll keep you with the config for the standby router. Have fun :)

Kindly find the attached.


dominic.caron Mon, 04/30/2007 - 17:00

Hi, in your config, you have this:

standby name HSRP-VPN

standby 4 ip

crypto map MY-vpn redundancy HSRP-VPN stateful

There is an error there... it should be

standby 4 name HSRP-VPN

balsheikh Tue, 05/01/2007 - 07:10


YES, you are absolutely right..

I'm now working to simulate the setup in a lab environment. Let's see what's coming up with me and I'll update you accordingly.

Many thanks,
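The mismatch dominic.caron points out in this thread (`standby name` without a group number lands on HSRP group 0, while the virtual IP is on group 4) can be checked mechanically before a config is deployed. The following is an added example, not code from the thread or from Cisco: the function name `check_hsrp_crypto`, the interface name and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Constructed sample config; interface name and addresses are placeholders.
BROKEN = """\
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 standby name HSRP-VPN
 standby 4 ip 192.0.2.1
 crypto map MY-vpn redundancy HSRP-VPN stateful
"""
FIXED = BROKEN.replace("standby name HSRP-VPN", "standby 4 name HSRP-VPN")

STANDBY = re.compile(r"^standby(?: (\d+))? (name|ip)(?: (\S+))?$")
CRYPTO = re.compile(r"^crypto map (\S+) redundancy (\S+)")


def check_hsrp_crypto(config):
    """Flag crypto maps whose HSRP redundancy name is not on a group with a VIP."""
    findings = []
    iface, names, vip_groups, maps = None, {}, set(), []

    def flush():
        # Evaluate the interface block collected so far.
        for cmap, hsrp_name in maps:
            group = names.get(hsrp_name)
            if group is None:
                findings.append(f"{iface}: crypto map {cmap} references "
                                f"undefined HSRP name {hsrp_name}")
            elif group not in vip_groups:
                findings.append(f"{iface}: HSRP name {hsrp_name} is on group "
                                f"{group}, which has no 'standby ip' "
                                f"(VIP groups: {sorted(vip_groups)})")

    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            flush()
            iface, names, vip_groups, maps = line.split()[1], {}, set(), []
        elif iface and (m := STANDBY.match(line)):
            group = int(m.group(1) or 0)  # omitted group number means group 0
            if m.group(2) == "name" and m.group(3):
                names[m.group(3)] = group
            elif m.group(2) == "ip":
                vip_groups.add(group)
        elif iface and (m := CRYPTO.match(line)):
            maps.append(m.groups())
    flush()
    return findings
```
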


