Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
1
Replies

Problem with HSRP in IPSec

fawad.alam
Level 1
Level 1

‎03-07-2005 11:19 AM - edited ‎03-02-2019 10:02 PM

I am using HSRP as part of High Availability IPSec to ensure head-end IPSec peer address is always available.

I am applying CRYPTO MAP command on interface with REDUNDANCY keyword to achieve the deisred result.

It is working for me as I see the IPsec peers get established using HSRP virtual IP address on Site A & B.

The problem : I was dropping packets frequesntly. When I looked at the HSRP active standby status on the two routers at site A for the interface configured with REDUNDANCY keyword, both routers are showing active for the standby group and remote router is shown as unknown. I see same problem at Site B.

What is required under the HSRP configuration along with REDUNDANCY Keyword. I can not ping the interface of the HSRP group peer as well on both sites.

Any help would be highly appreciated.

Thanks..Alam

Labels:
0 Helpful
1 Reply 1

sstudsdahl
Level 4
Level 4

‎03-07-2005 11:42 AM

Alam,

The interfaces that you have setup for HSRP need to be able to communicate with each other via layer 2 so that hello packets can be exchanged. If the two routers can't talk to each other via the HSRP enabled interfaces, both side will show active and the remote router as unknown.

Here is a link that describes how HSRP works and gives some example network topolgies with configurations.

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm

Steve

0 Helpful
Customers Also Viewed These Support Documents