Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN concentrator VRRP.

Dear All,

Scenario:

--------

I have 2 vpn concentrator 3060 configured VRRP Master/Backup.

L2L is confiured in the concentrator .

Remote-offices Router/ASA is connected the Concentrator.

What will the configuration in the remoteoffice device? the peer-ip should be the VRRP IP?

we have to configure both vpn concentrator IP in the ASA/router.

eg:-set peer vrrrp ip of the Master

set peer ip of the backup.

Kindly advice me.

Regards

Subash.c

7 REPLIES
Silver

Re: VPN concentrator VRRP.

Here is a URL on CCO that describes how to configure VRRP on the VPN concentrator. I hope it is of help to you.

http://www.cisco.com/application/pdf/paws/7210/vrrp.pdf

New Member

Re: VPN concentrator VRRP.

Hi Slamans,

I am following this documents..

My doubts are given below:-

1) In the backup concentrator what is the ""ROle"Master/Backup1.?

2) Vrrp IP ,i can use same physical ip for master or i have to configure seperate IP for VRRP?

3)Lan-Lan IPec will establish the VRRP IP?

Regards

Subash.c

Silver

Re: VPN concentrator VRRP.

1) In the backup concentrator what is the ""ROle"Master/Backup1.?

The backup with a number after it is the precedence of that VPN concentrator in the VRRP group. It looks to me as though Backup1 is the highest precendence of the backup concentrators, followed by .2, .3, etc.

2) Vrrp IP ,i can use same physical ip for master or i have to configure seperate IP for VRRP?

On the Master system, the VRRP entries are the IP addresses configured on its Ethernet interfaces, and the Manager supplies them by default.

On a Backup system, the fields are empty by default, and you must enter the same IP addresses as those on the Master system.

3)Lan-Lan IPec will establish the VRRP IP?

If the Master fails, the Backup begins to service traffic formerly handled by the Master. This switchover occurs in 3 to 10 seconds. While IPsec and

Point-to-Point Tunnel Protocol (PPTP) client connections are disconnected during this transition, users need

only to reconnect without changing the destination address of their connection profile. In a LAN-to-LAN

connection, switchover is seamless.

HTH

New Member

Re: VPN concentrator VRRP.

Dear Slams,

In that case, if we change the physical IP for the box with the same VRRP ip and tried connecting site to site VPN once again. it will work?

Regards

Subash

Silver

Re: VPN concentrator VRRP.

If you are referring to the master concentrator, you can change the physical IP on that box, which will change the VRRP IP, which you will use on the backup concentrators and the remote peer address on your remote site gateways.

I would also clear the ARP caches on the other devices that share a network with the master concentrator.

New Member

Re: VPN concentrator VRRP.

Hi Slmans,

Thanks for the update.

This comming sunday , i have this activity VPN concentrator VRRP.I am following the VRRP cisco doc..

I will update you.

Regards

Subash.c

New Member

Re: VPN concentrator VRRP.

Hi Subash,

this implementation went well for you?

Thank you.

Best regards,

Norberto

770
Views
0
Helpful
7
Replies