cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1113
Views
0
Helpful
7
Replies

VPN concentrator VRRP.

subashmbi
Level 1
Level 1

Dear All,

Scenario:

--------

I have 2 vpn concentrator 3060 configured VRRP Master/Backup.

L2L is confiured in the concentrator .

Remote-offices Router/ASA is connected the Concentrator.

What will the configuration in the remoteoffice device? the peer-ip should be the VRRP IP?

we have to configure both vpn concentrator IP in the ASA/router.

eg:-set peer vrrrp ip of the Master

set peer ip of the backup.

Kindly advice me.

Regards

Subash.c

7 Replies 7

slmansfield
Level 4
Level 4

Here is a URL on CCO that describes how to configure VRRP on the VPN concentrator. I hope it is of help to you.

http://www.cisco.com/application/pdf/paws/7210/vrrp.pdf

Hi Slamans,

I am following this documents..

My doubts are given below:-

1) In the backup concentrator what is the ""ROle"Master/Backup1.?

2) Vrrp IP ,i can use same physical ip for master or i have to configure seperate IP for VRRP?

3)Lan-Lan IPec will establish the VRRP IP?

Regards

Subash.c

1) In the backup concentrator what is the ""ROle"Master/Backup1.?

The backup with a number after it is the precedence of that VPN concentrator in the VRRP group. It looks to me as though Backup1 is the highest precendence of the backup concentrators, followed by .2, .3, etc.

2) Vrrp IP ,i can use same physical ip for master or i have to configure seperate IP for VRRP?

On the Master system, the VRRP entries are the IP addresses configured on its Ethernet interfaces, and the Manager supplies them by default.

On a Backup system, the fields are empty by default, and you must enter the same IP addresses as those on the Master system.

3)Lan-Lan IPec will establish the VRRP IP?

If the Master fails, the Backup begins to service traffic formerly handled by the Master. This switchover occurs in 3 to 10 seconds. While IPsec and

Point-to-Point Tunnel Protocol (PPTP) client connections are disconnected during this transition, users need

only to reconnect without changing the destination address of their connection profile. In a LAN-to-LAN

connection, switchover is seamless.

HTH

Dear Slams,

In that case, if we change the physical IP for the box with the same VRRP ip and tried connecting site to site VPN once again. it will work?

Regards

Subash

If you are referring to the master concentrator, you can change the physical IP on that box, which will change the VRRP IP, which you will use on the backup concentrators and the remote peer address on your remote site gateways.

I would also clear the ARP caches on the other devices that share a network with the master concentrator.

Hi Slmans,

Thanks for the update.

This comming sunday , i have this activity VPN concentrator VRRP.I am following the VRRP cisco doc..

I will update you.

Regards

Subash.c

Hi Subash,

this implementation went well for you?

Thank you.

Best regards,

Norberto

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: