Cisco 2821 redundancy howto

Nov 20th, 2008

Hi, we now have two 2821 VPN concentrators. Is there any way to set up redundancy between them (one down, other up)?

Thanks.

godzilla0 Mon, 11/24/2008 - 09:27

Ok, so as I understand this doc, we only have to no-shutdown our free LAN ifaces on the routers, link the routers with a brand new cable, set the interfaces to a new subnet, create a crypto map to apply to the new interfaces, and then apply this block of code to each interface (don't mind the example subnet):

interface FastEthernet0/0
 ip address 172.16.172.52 255.255.255.240
 duplex full
 speed 100
 standby 1 ip 172.16.172.53
 standby 1 priority 200
 standby 1 preempt
 standby 1 name VPNHA
 standby 1 track FastEthernet0/1 150
 crypto map vpn redundancy VPNHA

interface FastEthernet0/0
 ip address 172.16.172.54 255.255.255.240
 ip directed-broadcast
 duplex full
 standby 1 ip 172.16.172.53
 standby 1 preempt
 standby 1 name VPNHA
 standby 1 track FastEthernet1/0
 crypto map vpn redundancy VPNHA

Thanks.

Istvan_Rabai Mon, 11/24/2008 - 09:59

Yes, and you should create the VPN tunnel between the HSRP virtual IP address (172.16.172.53) and the remote interface.

I.e. on the remote router you should apply the "set peer 172.16.172.53" command within the static crypto map.

On the HSRP routers you will need to create dynamic crypto maps, possibly with reverse route injection.

Cheers:

Istvan
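Added example (not part of the thread and not Cisco's code): a Python check that the two HSRP stanzas quoted above agree with each other, i.e. that the name after "crypto map ... redundancy" is the HSRP group name, and that both routers advertise the same virtual IP inside the interface subnet, since that address is what the remote peer's "set peer" points at. The function names, the trimmed sample text and the assumption of one interface and one standby group per router are choices made for this example.

```python
import ipaddress
import re

# The interface stanzas quoted in the thread, trimmed to the lines the check reads.
ROUTER_A = """interface FastEthernet0/0
 ip address 172.16.172.52 255.255.255.240
 standby 1 ip 172.16.172.53
 standby 1 name VPNHA
 crypto map vpn redundancy VPNHA
"""
ROUTER_B = ROUTER_A.replace("172.16.172.52", "172.16.172.54")

def parse_interfaces(config):
    """Map interface name -> address, standby groups and crypto map redundancy name."""
    ifaces, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"addr": None, "standby": {}, "crypto_ha": None})
        elif cur is None:
            continue  # global lines before the first interface
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            cur["addr"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.match(r"standby (\d+) (ip|name) (\S+)", line):
            cur["standby"].setdefault(m[1], {})[m[2]] = m[3]
        elif m := re.match(r"crypto map \S+ redundancy (\S+)", line):
            cur["crypto_ha"] = m[1]
    return ifaces

def check_pair(cfg_a, cfg_b, iface="FastEthernet0/0", group="1"):
    """Return findings for the HSRP/IPsec pairing; an empty list means consistent."""
    findings, vips = [], set()
    for label, cfg in (("A", cfg_a), ("B", cfg_b)):
        i = parse_interfaces(cfg).get(iface)
        if i is None or group not in i["standby"]:
            findings.append(f"{label}: no standby group {group} on {iface}")
            continue
        g = i["standby"][group]
        vips.add(g.get("ip"))
        if i["crypto_ha"] is None:
            findings.append(f"{label}: crypto map is applied without 'redundancy'")
        elif i["crypto_ha"] != g.get("name"):
            findings.append(f"{label}: redundancy name {i['crypto_ha']} != standby name {g.get('name')}")
        if g.get("ip") and i["addr"] is not None and ipaddress.ip_address(g["ip"]) not in i["addr"].network:
            findings.append(f"{label}: virtual IP {g['ip']} is outside {i['addr'].network}")
    if len(vips) > 1:
        findings.append(f"virtual IP differs between routers: {sorted(map(str, vips))}")
    return findings
```

Calling check_pair(ROUTER_A, ROUTER_B) on the stanzas as posted returns an empty list; a mistyped group name or a virtual IP that differs on one router shows up as a finding.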

cisco24x7 Mon, 11/24/2008 - 11:08

Keep in mind that the configuration does NOT offer IPSec STATEFUL failover.

Istvan_Rabai Mon, 11/24/2008 - 13:09

Yes,

Stateful failover is a different story. Only some high-end platforms have that feature.

Istvan

cisco24x7 Mon, 11/24/2008 - 16:29

Platforms such as the 2851 and 3845 can support IPSec stateful failover.

That being said, IPSec stateful failover does not work well on Cisco as compared to other vendors such as Checkpoint or Juniper.

godzilla0 Tue, 11/25/2008 - 00:21

Ok, I'm only interested in physical redundancy anyway. Thank you all.
