07-22-2024 10:56 PM - edited 07-22-2024 11:00 PM
Hello Guys,
I am trying to establish S2S IPSEC Tunnel with 2xHSRP routers
Primary Router connects to the remote site over Primary link and the plan was to introduce a secondary router connecting to the backup non prod Backup Link so if Primary Router is down then the Backup Router can establish the communication over the backup link with the remote site over Tunnels.
EIGRP is the routing protocol.
HSRP works between the two routers
GRE over HSRP works and EIGRP over GRE over HSRP works as well.
My questions is will the IPSEC work on this topology, Running IOS XE ISR 4431
Thanks
Nikala
07-23-2024 12:21 AM - edited 07-23-2024 12:23 AM
HSRP is typically used to provide gateway redundancy for switched networks. You would typically want to implement redundancy using your routing-protocol when dealing with routed networks.
If I have understood your topology correctly you have two routers on a hub site that you wish to run in an Active/Passive configuration. Instead of handling the redundancy by making them share a public IP, you can configure your spoke routers to establish tunnels to both hub routers and use EIGRP to influence which tunnel will be used for the active connection.
07-23-2024 01:49 AM
https://ine.com/blog/2008-11-06-ipsec-vpn-high-availability-with-hsrp
You need to config ipsec redundancy under each hsrp peer and use RRI
Check link above
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide