HA for IPsec L2L VPNs

balsheikh · ‎04-27-2007

Hi Guys,

I?m willing to configure HA for IPSec L2L VPN tunnel on routers 2800 running IOS version 12.4(3a).

I had two identical routers and planning to configure HSRP for HA, I already had multiple VPN tunnels terminated on the outside interface and once I enabled the HSRP on that interface all the VPN sessions terminated and I noticed that the source interface for the VPN session became the actual IP address of the interface NOT the HSRP IP.

Any helpful comments will be high appreciated..

Regards,

Belal

dominic.caron · ‎04-29-2007

Hi

It's should work. You can still configure a static source in your cryptomap statement but that would only be a workaround. Can you post your crypto config and the config of your interfaces, I'll have a look.

balsheikh · ‎04-29-2007

Hello,

I found some thing interesting regarding the same subject, to have the setup work normally u have to run Routing protocol to enable the RRI in case the primary link fall down.

I'll keep u with the config for the standby router, Have Fun :)

Kindly find out the attached..

Regards,

dominic.caron · ‎04-30-2007

Hi, In your config, you got this :

standby name HSRP-VPN

standby 4 ip 192.168.6.12

crypto map MY-vpn redundancy HSRP-VPN stateful

There a error there...it should be

standby 4 name HSRP-VPN

balsheikh · ‎05-01-2007

Hello,

YES, you are absolutely right..

I'm now working to simulate the setup in lab environment, let's c whats coming up with me and i'll update u accordingly.

Many thx,

Belal