12-27-2007 05:41 AM - edited 02-21-2020 03:27 PM
Friends,
I have two vpn concentrators on which our different office get connect as lan to lan. I configured vrrp for redundancy and RRI (Reverse Route Injection) so that when vpn concentrators make a tunnel with remote sites, they add remote networks in their routing table. ospf is configured on vpn concentrators so that they advertise all remote networks in ospf domain. Hence when vrrp master vpn box is active, all remote site establish tunnel with it. It advertises remote networks in ospf domain as i can have access to that remote network. When i unplug master, backup vpn box become active and all tunnels shift to it and it properly start advertising remote networks. Now issue is: when master come active back, all shift back to master again BUT master doesn't advertise networks again and backup keeps advertise.
I think this is because of malfunctioning of RRI. When master come up, backup box must stop advertising and master must do it again. You can find link of my topology below:
http://img172.imageshack.us/img172/2175/topologyxb3.jpg
Waiting for your immediate response........
Best Regards
12-28-2007 11:00 PM
still waiting.......
04-18-2008 09:00 AM
Hi,
I need your help in configuring the VRRP on vpn concentrator. First I wana tell you how i configure my concentrator.
I enable VRRP, group ID and share addresses which is configured on master (my concentrator 1)
Then i copy its configuration and after modifying the public and private IP addresses I load it on my 2nd concentrator,
After upload, my 2nd concentrator is only able to access I am not able to access my 1st concentrator.
Shall I modify the configuration on 2nd concentrator for VRRP as backup or it is normal behaviour, I am using static routes and all rotues are point towards the IP of concentrator 1.
Tunnel will be made on Concentrator 1 Public Ip addresses.
If I reboot my 2nd concentrator during the time it comes back i am able to access the concentrator 1 as soon as it comes it, it is again not accessible.
how the configuration replicate, if i configure tunnel on concentrator 2, how to upload on concentrator 1. bcz I am not able to access it.
Shall i change configuration on concentrator 2 as backup VRRP Role.
Please guide
04-18-2008 03:12 PM
According to cisco, written in CSVPN book
VRRP (Virtual Router Redundancy Protocol) and RRI (Reverse Route Injection)
are incompatible and should not be used together.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide