Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

IPSec Tunnel backup using VRRP on Cisco 831- it is possible?

Hi.

I want to find out if it is possible (and if so, the how?) what I asked above.

I have 3 Cisco 831 (R1, R2 and R3)routers connected through a Cisco 3750 Switch (no routing here). So, only one interface is used on the each router (Eth).

There is the data:

- R1 and R2 are using VRRP

- Between R3 and R2 there is a GRE Tunnel with IPSec (using isakmp).

So far so good :), the problem is:

- when R2 (witch is VRRP Master) goes down, I want R3 router to establish a new GRE Tunnel with IPSec (using isakmp) with R1 (witch in the meantime became VRRP Master), so that R3 can have now a Tunnel with R1.

The problem is that when R2 goes down, the new IPSec Tunnel between R3 and R1 doesn't go up.

On R1 I am using the same Tunnel IP address (10.0.1.2) as the IP address on R2. On the Eth routers interfaces I am using IP from 172.16.3.0/24 prefix.

I've tried different configuration on R3 and R1, but nothing worked so far..

Can it be done?

3 REPLIES
Silver

Re: IPSec Tunnel backup using VRRP on Cisco 831- it is possible?

Use these commands to configure interface tunnel 0,ip address ip-address subnet-mask ,tunnel source ethernet 1,tunnel destination default-gateway-ip-address.For more info refer the following URL

http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a0080118d1a.html#wp1087248

New Member

Re: IPSec Tunnel backup using VRRP on Cisco 831- it is possible?

Hi.

Thx for the info and link, but I allready have the tunnels set :), the problem was that the second tunnel doesn't go up when needed (when vrrp master goes down).

In a meanwhile, I've changed the configs, no VRRP anymore. Instead, I use now specific OSPF cost on tunnels interfaces and OSPF with tunnels prefixes, so that I can chose a prefered path for my packets. When a neighbour goes down, the traffic is switched to another route, the one with a higher cost.

I only hope it's OK :D, in lab it seems to work just fine.

I will atach a picture with my actual lab diagram and maybe U can give an opinion... :)

New Member

Re: IPSec Tunnel backup using VRRP on Cisco 831- it is possible?

Here is the picture:

1051
Views
0
Helpful
3
Replies
CreatePlease to create content