08-15-2009 01:32 AM
Dear All,
Scenario:
--------
I have 2 vpn concentrator 3060 configured VRRP Master/Backup.
L2L is confiured in the concentrator .
Remote-offices Router/ASA is connected the Concentrator.
What will the configuration in the remoteoffice device? the peer-ip should be the VRRP IP?
we have to configure both vpn concentrator IP in the ASA/router.
eg:-set peer vrrrp ip of the Master
set peer ip of the backup.
Kindly advice me.
Regards
Subash.c
08-17-2009 05:56 AM
Here is a URL on CCO that describes how to configure VRRP on the VPN concentrator. I hope it is of help to you.
08-17-2009 09:34 PM
Hi Slamans,
I am following this documents..
My doubts are given below:-
1) In the backup concentrator what is the ""ROle"Master/Backup1.?
2) Vrrp IP ,i can use same physical ip for master or i have to configure seperate IP for VRRP?
3)Lan-Lan IPec will establish the VRRP IP?
Regards
Subash.c
08-18-2009 07:40 AM
1) In the backup concentrator what is the ""ROle"Master/Backup1.?
The backup with a number after it is the precedence of that VPN concentrator in the VRRP group. It looks to me as though Backup1 is the highest precendence of the backup concentrators, followed by .2, .3, etc.
2) Vrrp IP ,i can use same physical ip for master or i have to configure seperate IP for VRRP?
On the Master system, the VRRP entries are the IP addresses configured on its Ethernet interfaces, and the Manager supplies them by default.
On a Backup system, the fields are empty by default, and you must enter the same IP addresses as those on the Master system.
3)Lan-Lan IPec will establish the VRRP IP?
If the Master fails, the Backup begins to service traffic formerly handled by the Master. This switchover occurs in 3 to 10 seconds. While IPsec and
Point-to-Point Tunnel Protocol (PPTP) client connections are disconnected during this transition, users need
only to reconnect without changing the destination address of their connection profile. In a LAN-to-LAN
connection, switchover is seamless.
HTH
08-18-2009 09:22 PM
Dear Slams,
In that case, if we change the physical IP for the box with the same VRRP ip and tried connecting site to site VPN once again. it will work?
Regards
Subash
08-19-2009 05:36 AM
If you are referring to the master concentrator, you can change the physical IP on that box, which will change the VRRP IP, which you will use on the backup concentrators and the remote peer address on your remote site gateways.
I would also clear the ARP caches on the other devices that share a network with the master concentrator.
08-19-2009 10:17 PM
Hi Slmans,
Thanks for the update.
This comming sunday , i have this activity VPN concentrator VRRP.I am following the VRRP cisco doc..
I will update you.
Regards
Subash.c
11-12-2010 02:58 AM
Hi Subash,
this implementation went well for you?
Thank you.
Best regards,
Norberto
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: