Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
486
Views
5
Helpful
3
Replies

hssr with static route to isp

prashantrecon
Level 1
Level 1

‎06-06-2012 02:35 AM - edited ‎03-04-2019 04:34 PM

we have decided to configure hssrp on router with static routing.

Now the think we want to create site to site vpn on router.

Is it possible to create vpn with virual ip ?

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎06-06-2012 04:01 AM

For VPN you will need to use the physical address and not the virtual address.

HTH

Rick

HTH

Rick
0 Helpful

prashantrecon
Level 1
Level 1
In response to Richard Burts

‎06-06-2012 07:10 AM

Is there any way to create site to site  vpn with hssrp concept ?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to prashantrecon

‎06-06-2012 11:41 AM

It is not possible to use the HSRP virtual address as the peer address for a site to site VPN. There are several reasons but the most important reason is that the IPSec negotiation between peers would fail because the router will not use the HSRP virtual address as the source address of a packet. And if the IPSec negotiation packet source address is not the peer address then the negotiation will fail.

If you are thinking of the HSRP concept in terms of providing failover capability then it may be possible to create site to site VPN using HSRP concept. On the remote router configure the IPSec with two peer addresses in the set peer statement (and configure an IPSec tunnel on each of the HSRP routers). Then the remote will negotiate one tunnel with the first router as primary and the second router as failover.

HTH

Rick

HTH

Rick
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card