10-26-2005 06:23 AM - edited 02-21-2020 12:29 AM
Hi, I have a few questions regarding RRI and HSRP. I think I have the jist of this, but would like to run it by someone.
In the attached diagram, I simply have two Internet connected routers (Router A and Router B) that will establish IPSEC tunnels to PIX A.
The inside interfaces on Router A and Router B will be part of the HSRP group to provide the IP 172.16.1.1 as the default gateway on PIX B.
I can establish the IPSEC tunnels to PIX A, as well as configure HSRP on the 172.16.1.0 network.
I guess my question is:
How do I configure RRI on Router A and Router B to get this solution working?
Also, is this the recommended configuration for this type of redundant IPSEC connectivity?
11-02-2005 12:58 PM
Router (config)# crypto map map-name seq-num ipsec-isakmp
Adds a dynamic crypto map set to a static crypto map set and enters interface configuration mode.
Step 2
Router (config-if)# set peer ip address
Specifies an IPSec peer IP address in a crypto map entry.
Step 3
Router (config-if)# reverse-route
Creates dynamically static routes based on crypto access control lists (ACLs).
Step 4
Router (config-if)# match address
Specifies an extended access list for a crypto map entry.
Step 5
Router (config-if)# set transform-set
Specifies which transform sets are allowed for the crypto map entry. Lists multiple transform sets in order of priority (highest priority first).
Configuring HSRP with IPSEC
step 1
Router (config)# interface type slot/port
Specifies an interface and enters interface configuration mode.
Step 2
Router (config-if)# standby name group-name
Specifies the standby group name (required).
Step 3
Router (config-if)# standby ip ip-address
Specifies the IP address of the standby groups (required for one device in the group).
Step 4
Router (config-if)# crypto map map-name redundancy [standby-name]
Specifies IP redundancy address as the tunnel endpoint for IPSec.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide