I have two routers with HSRP running on the external Public interface. I would like to know if the HSRP VIP address can be used as GRE tunnel source. Over this GRE, IPSEC will be encrypting those packets from the tunnel source (VIP) to the other peer.
I know a router never uses the VIP to forward traffic, but I need to know if the GRE tunnel can be sourced by the VIP address, with IPSEC encrypting this traffic over the tunnel.
If GRE over IPSec is needed to your HSRP routers, you might as well make TWO IPSec tunnels to each HSRP router's physical IP. And then use dynamic routing over GRE to detect failover or equal-cost load-balancing.
The problem is that these two HSRP routers are multihomed to two ISPs. This means I have to create four tunnels from each branch, two to each router. This will make the configuration on the spoke routers too big + IPSEC. I also have VPN clients and this would cause the user to have four profiles. I wonder if there is any other better idea. DMVPN is not an option because spoke routers do not need to communicate with each other.
I wonder if anybody has tested this scenario before, using the HSRP VIP for GRE tunnel source? Target is to minimize config on the spoke and provide ISP failover with HSRP to routers.
I did a test LAB and the tunnel was UP using the VIP as head end of the IPSEC and GRE tunnel. However, only the first GRE tunnel was UP. For the second tunnel, the router was not trying to generate GRE traffic at all UNLESS I set the default route to the second ISP.
Therefore, if the default route is to the first ISP, the GRE having the first interface VIP as source opens the tunnel. The second tunnel won't even generate GRE packets!! This is weird.
When I put the default route to the second ISP, which is on the same subnet as the second interface, the router generated GRE packets and the tunnel opened successfully!