ipsec high availability HSRP with 2811

Unanswered Question

According the feature navigator hsrp with ipsec should also be supported with 2811, but with 12.4.7a (and also with 12.4.3d) Advanced ip services the show command for that feature are not available. sh redundancy , sh crypto isakmp sa [actice | passive], sh crypto ha.

What's the problem? Is it not supported on 2811?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Vikas Saxena Sun, 05/28/2006 - 04:38
User Badges:
  • Cisco Employee,

only if an image name contains a 'k9' it contains crypto.

Check if in your image name there is a k9 notation.

Did you try IOS feature navigator?


It is a k9 image.

ZOC001015#sh ver

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(3d), RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Wed 19-Apr-06 09:18 by alnguyen

I tried already the feature navigator. Feature navigator says that this feature is available with 2811.

durale1789 Wed, 08/16/2006 - 09:11
User Badges:

i ve got exactly the same problem and i still don't know how to resolve it. Any clues about it?

andrew.burns Mon, 08/21/2006 - 07:02
User Badges:
  • Gold, 750 points or more


Cisco have unfortunately named two separate features almost identically. The two features are as follows:

IPSec VPN High Availability Enhancements



IOS IPsec High Availability (or Stateful Failover for IPSec)


The first feature increases availability by using HSRP and RRI, and the second does much the same except that the SA's are communicated between the routers over an IPC channel, which gives you stateful failover. The first feature is available across a wide selection of routers and feature sets but the second is only available on a select number of routers (3700,3800,7200,etc).

Basically, if you want IPsec stateful failover you need to get some 3700's or above.

HTH - plz rate if it does


durale1789 Mon, 08/21/2006 - 09:11
User Badges:

Thank you very much for your answer. I was looking for this information since so long...


This Discussion