When configuring HSRP with IPSec, the following conditions may apply:
â¢When HSRP is applied to a crypto map on an interface, the crypto map must be reapplied if the standby IP address or the standby name is changed on that interface.
â¢If HSRP is applied to a crypto map on an interface, and the you delete the standby IP address or the standby name from that interface, the crypto tunnel endpoint is reinitialized to the actual IP address of that interface.
â¢If you add the standby IP address and the standby name to an interface with the requirement IPSec failover, the crypto map must be reapplied with the appropriate redundancy information.
â¢Standby priorities should be equal on active and standby routers. If they are not, the higher priority router takes over as the active router. When that occurs, the active router goes into a cycle where it continously goes down and comes back up.
â¢The IP addresses on the HSRP-tracked interfaces on the standby and active routers should both be either lower or higher on one router than the other. In the case of equal priorities (an HA requirement), HSRP will assign the active state-based IP address. If an addressing scheme exists so that the public IP address of router A is lower than the public IP address of router B, but the opposite is true for their private interfaces, an active/standby-stanby/active split conditon could exist which will break connectivity.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...