Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN High Available

Dear All,

I have a DMVPN scenario, and it works very fine. Now I would like to put a new Hub router, as backup, and between HUB1 and HUB2, I have configured HSRP and the spokes routers connect in the Virtual IP Address.

After this configuration, the vpn goes down.

So I need help to solve this issue in this scenario, DMVPN with primary and secondary HUB.

Best Regards,

CLRGomes

2 REPLIES
Anonymous
N/A

Re: DMVPN High Available

When using pure IPsec with two hubs where you need redundancy, you have to combine this with a mechanism like HSRP. This is because we cannot run a dynamic routing protocol through the pure IPsec tunnels to help out with forwarding traffic. So the Stateful IPsec feature was added to specifically have IPsec work with HSRP and keep the IPsec and ISAKMP SA databases synchronized between the two HSRP routers. Therefore HSRP can switch the encrypted traffic between the two HSRP routers as necessary without too much loss of traffic. REfer URL

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml#dualhubs

ovt Bronze
Bronze

Re: DMVPN High Available

Don't go this way (stateful IPSec / HSRP). Read DMVPN SRND -- it has examples on how to configure dual-Hub DMVPN networks).

161
Views
0
Helpful
2
Replies