what you are saying is, that if one router fails the other should provide the functionality of both routers working separately now.
This means you should first test, whether one router can be configured to do everything both routers do now. If this is the case then a standard HSRP configuration with interface traccking should give you redundancy. Be aware however, that HSRP is not meant to provide load sharing. Usually one router is active and the other on is idle unless the active one fails.
Another question is how your IP routing looks like. HSRP is more meant to deliver a redundant default gateway to a host than to have redundant internet connections with VPNs and the like. It might be possible though.
There may be other options like dynamic routing in your case, but without more detailed information about the complete IP routing solution in your case this can not be answered easily.
i will try to explain the situation in more detail.
The location is a data center where we have rent two racks. In one rack, both routers and the gigabit switch are installed. The router of one provider (t-com) is installed in this rack as well. The connection from the other provider (its the owner of the data center) comes via cable into the rack.
So as i said, there are two completely different WAN connections. Our idea or wish is, if one of the router fails, the other one should handle the WAN connection - and all the other stuff the failed router did - as well. Therefor i configured both routers duplicate. I named all configuration parts with praefixes (access-list extended provider1_incoming, access-list extended provider2_incoming, nat pool provider1 and so on).
You asked for routings, this happens as well:
Port Forwardings - i have duplicated them.
On the server i will configure the official ip addresses of the subnet of the providers.
We have an official 16 IP-Addresses subnet from provider1 and an official 8 IP-Addresses subnet from provider2. The routers will have one official IP Address from the subnet.
If the server gots an official IP-Address, i will configure the official router IP-Address as gateway.
If the server only gots an internal IP-Address, i will configure the internal router IP-Address.
Up to this, everything is clear to me. But as i wrote, i have on every router the acls provider1_incoming and provider2_incoming. How can i manage, that the router will adopt the correct access-list if the other router fails?
As you can see in the picture, we have two wan links from two different carriers that terminate in our rack.
We have a cisco catalyst gigabit switch. The carrier equipment is connected to the switch like our routers. I will configure vlan so that only the carrier equipment and our two routers could communicate.
From both carriers we got official subnets. The carrier2 (picture) has an extra official transport subnet (/30) between its L3 switch and our router2. The official subnet for our webservers is routed by the carrier to our router2 which has one of the official ip on its "inner" interface.
The other WAN link has no extra transport subnet. The router of carrier1 has the first official ip address out of our official subnet.
What we want to reach is redundancy if one router fails. The other router should do its job as before, but additionally make the job of the failed router.
Therefor we have to manage the official ip addresses of both routers and the internal ip addresses of both routers with hsrp. So we don't have to change routes on the servers behind.
If router1 fails, router2 should have the LAN IP of router1 and the WAN IP router1 additionally to its own IP addresses.
Is it possible, if fa0/1 is the LAN interface, i do not have to configure an ip address to this interface. Example:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :