|
|
This is heady - DMVPN / HSRP
I am trying to mix two Cisco technologies and I am not have much luck,
but I am pretty confident what I am trying to do can be done. Here's
the setup:
My company has two Cisco 2800 routers with IPSec and FW IOS, which are
used for shared VPN services. They only have two fastethernet
interfaces, which are sub-interfaced for various customers (trunking).
I am wanting to run HSRP on both the inside and outside - no problem. I
also want to create DMVPN connections for some customers. That, in
itself is no problem.....
The problem is mixing HSRP (and the IPSec redundancy features with
replicating the SA database between two routers) with DMVPN and more
specifically with the Tunnel interface(s) created with GRE Multicast.
Since my two VPN routers will have one HSRP address, which will end up
being the public address used by customers as the VPN peer address, how
is this one address referenced / related to the GRE tunnels that are
created? You can't create standby ip's on Tunnel interfaces, however it
seems to me you would need to be able to do that somehow.
One option I was thinking about is that, since one of my VPN routers
will be a standby device (not active with HSRP address), then maybe I
could give that router's tunnel interface the same IP address as that
of the tunnel interface on the active router. In theory, this would not
necessarily cause a duplicate-IP issue because that router isn't
answering for packets destined for the standby ip anyway.
I don't want to get too deep - I probably haven't explained it very
well, but I am setting this up and I am basically stuck. My tunnel
interfaces are up, but line protocol is down with a message that the
interface doesn't know the destination point of the tunnel subnet.
|
|
0
|
|
|
|
Reply
|
 packeteye (3)
|
11/18/2005 3:41:39 PM |
|
While Cisco does provide for use of HSRP for IPSEC tunnel high
availability, it does not appear that this approach is used for DMVPN
GRE tunnels.
For DMVPM hub redundancy, see Cisco docs on DMVPN dual hub design:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml#dualhubsingle
|
|
|
0
|
|
|
|
Reply
|
 Merv
|
11/18/2005 4:41:58 PM
|
|
|
1 Replies
304 Views
(page loaded in 0.14 seconds)
Similiar Articles: This is heady - DMVPN / HSRP - comp.dcom.sys.ciscoI am trying to mix two Cisco technologies and I am not have much luck, but I am pretty confident what I am trying to do can be done. Here's the setup:... DMVPN and duplicate subnets - comp.dcom.sys.ciscoThis is heady - DMVPN / HSRP - comp.dcom.sys.cisco I also want to create DMVPN connections for some ... In theory, this would not necessarily cause a duplicate-IP ... Terminating GRE tunnel on HSRP address - comp.dcom.sys.cisco ...This is heady - DMVPN / HSRP - comp.dcom.sys.cisco... between two routers) with DMVPN and more specifically with the Tunnel interface(s) created with GRE Multicast. ISAKMP duplicate packets - comp.dcom.sys.ciscoThis is heady - DMVPN / HSRP - comp.dcom.sys.cisco The problem is mixing HSRP (and the IPSec redundancy ... In theory, this would not necessarily cause a duplicate-IP ... HSRP and Interface IP will not PING - comp.dcom.sys.cisco ...This is heady - DMVPN / HSRP - comp.dcom.sys.cisco You can't create standby ip's on Tunnel interfaces ... standby device (not active with HSRP address), then maybe I could ... OSPF routing over DMVPN tunnel ... - comp.dcom.sys.cisco ...Now, I have DMVPN set up, which seems to work so far (that is, I can ping ... PIX 520 IOS 5.1 support ipsec over ... This is heady - DMVPN / HSRP - comp ... Cisco Shared Support - comp.dcom.sys.ciscoThis is heady - DMVPN / HSRP - comp.dcom.sys.cisco I am trying to mix two Cisco technologies and I am ... with IPSec and FW IOS, which are used for shared VPN ... Tunnel 0 is UP, Line Protocol is down - comp.dcom.sys.cisco ...This is heady - DMVPN / HSRP - comp.dcom.sys.cisco Terminating GRE tunnel on HSRP address - comp.dcom.sys.cisco ... Tunnel 0 is UP, Line Protocol is down - comp.dcom.sys ... GRE tunnel problem - comp.dcom.sys.ciscoThis is heady - DMVPN / HSRP - comp.dcom.sys.cisco The problem is mixing HSRP (and the IPSec redundancy features with replicating the ... Encryption with a GRE Tunnel 14 ... How will i capture loop back interface traffic? - comp.unix ...This is heady - DMVPN / HSRP - comp.dcom.sys.cisco My tunnel interfaces are up, but line protocol is down with a message that the interface doesn't know the destination ... This is heady - DMVPN / HSRP - comp.dcom.sys.cisco | Computer GroupI am trying to mix two Cisco technologies and I am not have much luck, but I am pretty confident what I am trying to do can be done. Here's the setup:... Cisco DMVPN Redundancy on spoke routers using HSRP: cisco, dmvpn ...Keywords: Cisco, DMVPN, Redundancy, on, spoke, routers, using, HSRP. Cisco DMVPN split-tunneling on spoke… how to setup pix to pix vpn hub and sp… 7/20/2012 7:36:09 PM
|
|
|
|
|
|
|
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
24 followers. 