VPN concentrator VRRP.

Aug 15th, 2009

Dear All,

Scenario:

--------

I have 2 VPN Concentrator 3060s configured as VRRP Master/Backup.

L2L is configured in the concentrator.

The remote office's Router/ASA is connected to the Concentrator.

What will the configuration be on the remote office device? Should the peer IP be the VRRP IP?

We have to configure both VPN concentrator IPs in the ASA/router.

e.g.: set peer VRRP IP of the Master

set peer IP of the backup.

Kindly advise me.


Regards

Subash.c


subashmbi Mon, 08/17/2009 - 21:34

Hi Slamans,


I am following this document.


My doubts are given below:-


1) In the backup concentrator, what is the "Role" Master/Backup1?

2) VRRP IP: can I use the same physical IP for the master, or do I have to configure a separate IP for VRRP?

3) Will LAN-to-LAN IPsec establish to the VRRP IP?


Regards

Subash.c



slmansfield Tue, 08/18/2009 - 07:40

1) In the backup concentrator, what is the "Role" Master/Backup1?


The backup with a number after it is the precedence of that VPN concentrator in the VRRP group. It looks to me as though Backup1 is the highest precedence of the backup concentrators, followed by .2, .3, etc.


2) VRRP IP: can I use the same physical IP for the master, or do I have to configure a separate IP for VRRP?


On the Master system, the VRRP entries are the IP addresses configured on its Ethernet interfaces, and the Manager supplies them by default.


On a Backup system, the fields are empty by default, and you must enter the same IP addresses as those on the Master system.


3) Will LAN-to-LAN IPsec establish to the VRRP IP?


If the Master fails, the Backup begins to service traffic formerly handled by the Master. This switchover occurs in 3 to 10 seconds. While IPsec and Point-to-Point Tunnel Protocol (PPTP) client connections are disconnected during this transition, users need only to reconnect without changing the destination address of their connection profile. In a LAN-to-LAN connection, switchover is seamless.


HTH

subashmbi Tue, 08/18/2009 - 21:22

Dear Slams,


In that case, if we change the physical IP for the box with the same VRRP IP and try connecting the site-to-site VPN once again, will it work?


Regards

Subash


slmansfield Wed, 08/19/2009 - 05:36

If you are referring to the master concentrator, you can change the physical IP on that box, which will change the VRRP IP, which you will use on the backup concentrators and the remote peer address on your remote site gateways.


I would also clear the ARP caches on the other devices that share a network with the master concentrator.

subashmbi Wed, 08/19/2009 - 22:17

Hi Slmans,


Thanks for the update.


This coming Sunday, I have this activity: VPN concentrator VRRP. I am following the VRRP Cisco doc.


I will update you.


Regards

Subash.c

Norberto Salgado Fri, 11/12/2010 - 02:58

Hi Subash,


Did this implementation go well for you?


Thank you.


Best regards,


Norberto
