Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

HA for IPsec L2L VPNs

Hi Guys,

I?m willing to configure HA for IPSec L2L VPN tunnel on routers 2800 running IOS version 12.4(3a).

I had two identical routers and planning to configure HSRP for HA, I already had multiple VPN tunnels terminated on the outside interface and once I enabled the HSRP on that interface all the VPN sessions terminated and I noticed that the source interface for the VPN session became the actual IP address of the interface NOT the HSRP IP.

Any helpful comments will be high appreciated..

Regards,

Belal

4 REPLIES

Re: HA for IPsec L2L VPNs

Hi

It's should work. You can still configure a static source in your cryptomap statement but that would only be a workaround. Can you post your crypto config and the config of your interfaces, I'll have a look.

New Member

Re: HA for IPsec L2L VPNs

Hello,

I found some thing interesting regarding the same subject, to have the setup work normally u have to run Routing protocol to enable the RRI in case the primary link fall down.

I'll keep u with the config for the standby router, Have Fun :)

Kindly find out the attached..

Regards,

Re: HA for IPsec L2L VPNs

Hi, In your config, you got this :

standby name HSRP-VPN

standby 4 ip 192.168.6.12

crypto map MY-vpn redundancy HSRP-VPN stateful

There a error there...it should be

standby 4 name HSRP-VPN

New Member

Re: HA for IPsec L2L VPNs

Hello,

YES, you are absolutely right..

I'm now working to simulate the setup in lab environment, let's c whats coming up with me and i'll update u accordingly.

Many thx,

Belal

170
Views
5
Helpful
4
Replies