cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
768
Views
10
Helpful
5
Replies

ipsec high availability HSRP with 2811

pf
Level 1
Level 1

According the feature navigator hsrp with ipsec should also be supported with 2811, but with 12.4.7a (and also with 12.4.3d) Advanced ip services the show command for that feature are not available. sh redundancy , sh crypto isakmp sa [actice | passive], sh crypto ha.

What's the problem? Is it not supported on 2811?

5 Replies 5

Vikas Saxena
Cisco Employee
Cisco Employee

only if an image name contains a 'k9' it contains crypto.

Check if in your image name there is a k9 notation.

Did you try IOS feature navigator?

Vikas

It is a k9 image.

ZOC001015#sh ver

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(3d), RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Wed 19-Apr-06 09:18 by alnguyen

I tried already the feature navigator. Feature navigator says that this feature is available with 2811.

i ve got exactly the same problem and i still don't know how to resolve it. Any clues about it?

andrew.burns
Level 7
Level 7

Hi,

Cisco have unfortunately named two separate features almost identically. The two features are as follows:

IPSec VPN High Availability Enhancements

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804dfa7d.html

AND

IOS IPsec High Availability (or Stateful Failover for IPSec)

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802d03f2.html

The first feature increases availability by using HSRP and RRI, and the second does much the same except that the SA's are communicated between the routers over an IPC channel, which gives you stateful failover. The first feature is available across a wide selection of routers and feature sets but the second is only available on a select number of routers (3700,3800,7200,etc).

Basically, if you want IPsec stateful failover you need to get some 3700's or above.

HTH - plz rate if it does

Andrew.

Thank you very much for your answer. I was looking for this information since so long...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: