×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

seamless migration of cryptomap ipsec setup to vrf aware environment?

Unanswered Question
Sep 7th, 2014
User Badges:

hi out there

 

We are in a migration phase from a vpn router with a non-vrf aware setup to a router with a vrf aware setup. I expected that I was able to do this more or less seamless by adding the wan-interface from the vrf ware router to the same hsrp Group as the non-vrf aware router and the just raise the priority of the vrf aware router when we had a time slot for migrating the environment. But when I added the interface for the vrf aware router to the hsrp Group of the non-vrf aware router  the vrf-aware router suddenly started to "mal-function" - it had two other interfaces running with vpn connections and those sessions started to crash.

Since this is a production env I hadn't time to debug what happened but I just quickly rolled-back what I had done and everything looked ok and stable Again. But - can some here give me a guess of what had happened?

the setup I had on the non-vrf aware router was this:

interface GigabitEthernet0/0/0

ip address 19.41.10.13 255.255.255.128

standby 68 ip 19.41.10.14
 standby 68 priority 110
 standby 68 preempt
 standby 68 authentication xxxx
 standby 68 name asp

crypto map cm-cvn001 redundancy asp

 

and on the vrf aware env:

 

interface GigabitEthernet0/0/3

 

ip address 19.41.10.28 255.255.255.128

 vrf forwarding INTERNET3

 standby 68 ip 19.41.10.14
 standby 68 priority 50
 standby 68 preempt
 standby 68 authentication xxxx
 standby 68 name asp

crypto map IPSECMAP3 redundancy asp
 

 

 

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion