Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
439
Views
0
Helpful
3
Replies

Vpn Concentrator OSPF Issue With VRRP

rameezsardar
Level 1
Level 1

‎12-27-2007 05:41 AM - edited ‎02-21-2020 03:27 PM

Friends,

I have two vpn concentrators on which our different office get connect as lan to lan. I configured vrrp for redundancy and RRI (Reverse Route Injection) so that when vpn concentrators make a tunnel with remote sites, they add remote networks in their routing table. ospf is configured on vpn concentrators so that they advertise all remote networks in ospf domain. Hence when vrrp master vpn box is active, all remote site establish tunnel with it. It advertises remote networks in ospf domain as i can have access to that remote network. When i unplug master, backup vpn box become active and all tunnels shift to it and it properly start advertising remote networks. Now issue is: when master come active back, all shift back to master again BUT master doesn't advertise networks again and backup keeps advertise.

I think this is because of malfunctioning of RRI. When master come up, backup box must stop advertising and master must do it again. You can find link of my topology below:

http://img172.imageshack.us/img172/2175/topologyxb3.jpg

Waiting for your immediate response........

Best Regards

Labels:
0 Helpful
3 Replies 3

rameezsardar
Level 1
Level 1

‎12-28-2007 11:00 PM

still waiting.......

0 Helpful

wasiimcisco
Level 1
Level 1

‎04-18-2008 09:00 AM

Hi,

I need your help in configuring the VRRP on vpn concentrator. First I wana tell you how i configure my concentrator.

I enable VRRP, group ID and share addresses which is configured on master (my concentrator 1)

Then i copy its configuration and after modifying the public and private IP addresses I load it on my 2nd concentrator,

After upload, my 2nd concentrator is only able to access I am not able to access my 1st concentrator.

Shall I modify the configuration on 2nd concentrator for VRRP as backup or it is normal behaviour, I am using static routes and all rotues are point towards the IP of concentrator 1.

Tunnel will be made on Concentrator 1 Public Ip addresses.

If I reboot my 2nd concentrator during the time it comes back i am able to access the concentrator 1 as soon as it comes it, it is again not accessible.

how the configuration replicate, if i configure tunnel on concentrator 2, how to upload on concentrator 1. bcz I am not able to access it.

Shall i change configuration on concentrator 2 as backup VRRP Role.

Please guide

0 Helpful

wasiimcisco
Level 1
Level 1

‎04-18-2008 03:12 PM

According to cisco, written in CSVPN book

VRRP (Virtual Router Redundancy Protocol) and RRI (Reverse Route Injection)

are incompatible and should not be used together.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents