Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

HSRP tracking IPSEC session status

Hi All,

I have a requirement where HSRP is running on the LAN side and IPSEC VPN is established with the remote site CPE. HSRP is trakcing the WAN interface status. How can I track the IPSEC VPN status also for HSRP failover.

I can see there are many documents in Internet showing how to track HSRP and IPSEC running on the same Interface.But in this case HSRP is on the LAN and IPSEC is established on from the WAN interface.

Diagram showing only one CPE in each site just for simplicity).IPSEC is estalished fomr CPE to CPE for encrypting the VPN traffic.There is no routing protocol running over IPSEC peers.

LAN----------------CPE------------------------PE------------------------PE--------------CPE-----------------LAN

        <-HSRP->          <-BGP->               <-MPLS->            <-BGP->        <-HSRP->

                              <---------------------------------IPSEC-------------------------->

Please help !!

Cheers,

A

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

HSRP tracking IPSEC session status

A

I wonder if it would work to set up IP SLA to track availability of some address reached through the VPN and to have your HSRP track that.

HTH

Rick

HSRP tracking IPSEC session status

Is there a route that's specific to your IPSec tunnel? If so, you could use SLA to track the route. When it falls out of the table, you could fail over to your other standby device...

HTH, John *** Please rate all useful posts ***
4 REPLIES
Hall of Fame Super Silver

HSRP tracking IPSEC session status

A

I wonder if it would work to set up IP SLA to track availability of some address reached through the VPN and to have your HSRP track that.

HTH

Rick

New Member

HSRP tracking IPSEC session status

Hi Rick,

Thanks Rick, i thought about the object tracking as you said. Was searching for some thing better so that HSRP can track the ISAKMP SA session . May be such feature does't exist !!

Cheers,

Anil.

HSRP tracking IPSEC session status

Is there a route that's specific to your IPSec tunnel? If so, you could use SLA to track the route. When it falls out of the table, you could fail over to your other standby device...

HTH, John *** Please rate all useful posts ***
New Member

HSRP tracking IPSEC session status

Yes, i am going to do that only now. Object tracking with HSRP.

Thanks,

Anil.

519
Views
0
Helpful
4
Replies
CreatePlease to create content