Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1061
Views
0
Helpful
4
Replies

HSRP tracking IPSEC session status

Go to solution
anilrs3
Level 1
Level 1

‎01-16-2012 02:54 AM - edited ‎03-04-2019 02:55 PM

Hi All,

I have a requirement where HSRP is running on the LAN side and IPSEC VPN is established with the remote site CPE. HSRP is trakcing the WAN interface status. How can I track the IPSEC VPN status also for HSRP failover.

I can see there are many documents in Internet showing how to track HSRP and IPSEC running on the same Interface.But in this case HSRP is on the LAN and IPSEC is established on from the WAN interface.

Diagram showing only one CPE in each site just for simplicity).IPSEC is estalished fomr CPE to CPE for encrypting the VPN traffic.There is no routing protocol running over IPSEC peers.

LAN----------------CPE------------------------PE------------------------PE--------------CPE-----------------LAN

        <-HSRP->          <-BGP->               <-MPLS->            <-BGP->        <-HSRP->

                              <---------------------------------IPSEC-------------------------->

Please help !!

Cheers,

A

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎01-16-2012 08:26 AM

A

I wonder if it would work to set up IP SLA to track availability of some address reached through the VPN and to have your HSRP track that.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to anilrs3

‎01-16-2012 12:42 PM

Is there a route that's specific to your IPSec tunnel? If so, you could use SLA to track the route. When it falls out of the table, you could fail over to your other standby device...

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎01-16-2012 08:26 AM

A

I wonder if it would work to set up IP SLA to track availability of some address reached through the VPN and to have your HSRP track that.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
anilrs3
Level 1
Level 1
In response to Richard Burts

‎01-16-2012 09:56 AM

Hi Rick,

Thanks Rick, i thought about the object tracking as you said. Was searching for some thing better so that HSRP can track the ISAKMP SA session . May be such feature does't exist !!

Cheers,

Anil.

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to anilrs3

‎01-16-2012 12:42 PM

Is there a route that's specific to your IPSec tunnel? If so, you could use SLA to track the route. When it falls out of the table, you could fail over to your other standby device...

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
anilrs3
Level 1
Level 1
In response to John Blakley

‎01-16-2012 12:53 PM

Yes, i am going to do that only now. Object tracking with HSRP.

Thanks,

Anil.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card