Hello. The documentation that I've read on HA IPSec utilizing HSRP shows a headend site utilizing two routers running HSRP and the branch office running one router.
I was wondering if you can run IPSec in HA mode utilizing HSRP at both the headend and remote locations? So instead of the headend site having a set peer address of the physical interface of the branch router, I would point it to the HSRP IP at the branch office.
I've tried this and it doesn't seem to work. Even though the branch office is set up with IPSec in HA mode, the HSRP primary router still uses the physical interface IP when it initiates the tunnel.
HSRP is designed to provide high network availability by routing IP traffic from hosts on Ethernet networks without relying on the availability of any single router. By providing network redundancy for IP networks, user traffic immediately and transparently recovers from first hop failures in network edge devices or access circuits.