I'm looking at using the IOS Firewall feature set with stateful failover between two 2900 series routers. I have been working with a configuration that involves the "inside" being WAN interfaces on two different subnets and the "outside" being two LAN interfaces on the same subnet using HSRP. In reading the datasheet there were two configurations mentioned but mine isn't exactly either.
What I am seeing is the sessions not sycning up. I have tried reversing the inside/outside roles and they were sycing the sessions across. You could see them by using the "show ip inspect sessions" command and validate the HEX value of the sessions. Now I see the sessions on the HSRP active router but not the HSRP standby router.
I have enabled several different debugs but I'm not getting a lot of output and even with I clear the active sessions for the ip inspect ha session I don't really get anything.
Anyone have any tips for getting a configuration similar to this working?
I have been using that link for the configuration. In looking at the guide it's wanting HSRP on both sides(inside and outside). What I was curious was if anyone has done something similar to the diagram below. I have also attached the diagram in case the picture below is too small.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :