Please see the following information with relation to the configuration of CSPM for HSRP...
CSPM does not actually support HSRP, however, there is a way around this.
Modeling Requirement for CSPM with HSRP:
The challenge for CSPM is:
1. Both routers are managed, that their real physical addresses should be selected for control;
2. HSRP address should be used for route calculation in CSPM (on top of its interfaces list), e.g. a PIX needs to point to it as the default gateway.
#This two requirements make using a cloud not feasible.
Modeling HSRP in CSPM with Interface Address overloading:
It is simply to overload the routers interface with their real and HSRP addresses.
The HSRP address needs to be before the physical address, thus it is used as the routing gateway address by others.
Select the physical address for management by CSPM.
Step by step to configure CSPM with HSRP:
1. create one interface on IOS1 (first router) with HSRP address (this interface could be create anytime, but it needs to be on top of all interfaces of this IOS device so this HSRP address will be used for routing calculation).
2. create one interface on IOS1 with physical address, select this interface for management by CSPM.
You do not need to configure seperate interface with the physical ip address and another seperate interface with the HSRP IP. This is wrong. The workaround for getting CSPM to work with a HSRP router is the following :
Note : HSRP on router should be configured first. <------
To make sure correct routes are generated by CSPM follow this, do this in the CSPM application :
1. create interface on IOS1 (first router)
2. add HSRP IP address (this IP address could be created anytime, but it needs to be on top of all IP addresses of this interface so this HSRP address will be used for routing calculation).
3. on the same interface add physical address and select this address for management by CSPM
4. repeat steps 1-3 on IOS2 (second router)
As i mentioned in step 3, ON THE SAME INTERFACE, add physical IP address and select this for management. This way, you will be able to have 2 IPs on same interface, one hsrp and another physical.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...