04-26-2004 01:33 PM - edited 03-09-2019 07:11 AM
From an earlier post I found out that I have a problem setting up HSRP with routers that terminate GRE tunnels. The problem stems from the fact that the HSRP protocol uses a virtual IP that each of the members of an HSRP group uses. I have an idea that I would like to get comments on.
In my case both routers will be behind a firewall and will be using private IP addresses. For argument's sake their "real" addresses would be 1.1.1.2 and 1.1.1.3. The HSRP virtual address will be 1.1.1.1. The virtual address will be NATed to a public IP.
In my scenario each router will use its "real" address as the tunnel source. The remote routers on the other end of the tunnel will use the public NAT of the virtual IP for their tunnel destination.
Will this work? If not what else can I do? Does the GRE protocol have some type of secondary or backup tunnel endpoints that I can configure?
Thanks,
Diego
04-29-2004 05:18 AM
Hi Diego, yes this will work.
When the GRE packet hits the firewall it will have its source IP address changed from 1.1.1.x to the outside address you have specified in the static mapping on the PIX. GRE replies will be to the outside address; the destination address gets translated back to 1.1.1.x.
You will need to allow the IP addresses and the GRE protocol (IP 47) through the firewall. Ages ago I used this to get EIGRP to work through a firewall. I based it on a document I found on cisco.com; if you need it I'll look up the URL.
04-30-2004 07:54 AM
As I read the original question he said that the router would configure tunnel source as its real IP (1.1.1.2) and the remote would configure its tunnel destination as the natted value of the virtual IP (1.1.1.1). In my experience if the local source and remote destination do not have exactly the same IP, the tunnel does not work.
Rick
04-30-2004 08:16 AM
Rick,
I misread the original question. In this case the tunnel won't come up, as the reply packets will come back to 1.1.1.1.
I think 2 tunnels would be the answer here.
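
One reading of the two-tunnel suggestion above, as an added example rather than configuration posted by anyone in the thread: each router behind the firewall gets its own one-to-one static NAT, so the remote router's tunnel destination always maps back to that router's own tunnel source, and EIGRP (mentioned earlier in the thread) chooses between the tunnels. The public addresses 203.0.113.2, 203.0.113.3 and 198.51.100.10, the 172.16.0.x tunnel subnets, the ACL name and the EIGRP AS number are all constructed placeholders.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   203.0.113.2 / 203.0.113.3 = public NAT for 1.1.1.2 / 1.1.1.3
!   198.51.100.10             = remote router's public address

! --- PIX: one static per router; GRE (IP 47) only from the known peer ---
static (inside,outside) 203.0.113.2 1.1.1.2 netmask 255.255.255.255
static (inside,outside) 203.0.113.3 1.1.1.3 netmask 255.255.255.255
access-list outside_in permit gre host 198.51.100.10 host 203.0.113.2
access-list outside_in permit gre host 198.51.100.10 host 203.0.113.3
access-group outside_in in interface outside

! --- Router A behind the firewall (real address 1.1.1.2) ---
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 1.1.1.2
 tunnel destination 198.51.100.10

! --- Router B behind the firewall (real address 1.1.1.3) ---
interface Tunnel0
 ip address 172.16.0.5 255.255.255.252
 tunnel source 1.1.1.3
 tunnel destination 198.51.100.10

! --- Remote router: one tunnel per router, never the NAT of the HSRP VIP ---
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 tunnel source 198.51.100.10
 tunnel destination 203.0.113.2
!
interface Tunnel1
 ip address 172.16.0.6 255.255.255.252
 tunnel source 198.51.100.10
 tunnel destination 203.0.113.3

! --- All three routers: run EIGRP over the tunnels so a dead path is
! --- withdrawn when hellos stop. Add each site's LAN networks as well.
router eigrp 100
 network 172.16.0.0 0.0.0.7
 no auto-summary
```

Restricting the GRE permit to the single remote peer and the two translated hosts keeps the firewall opening as narrow as the design allows.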