06-06-2012 02:35 AM - edited 03-04-2019 04:34 PM
we have decided to configure hssrp on router with static routing.
Now the think we want to create site to site vpn on router.
Is it possible to create vpn with virual ip ?
06-06-2012 04:01 AM
For VPN you will need to use the physical address and not the virtual address.
HTH
Rick
06-06-2012 07:10 AM
Is there any way to create site to site vpn with hssrp concept ?
06-06-2012 11:41 AM
It is not possible to use the HSRP virtual address as the peer address for a site to site VPN. There are several reasons but the most important reason is that the IPSec negotiation between peers would fail because the router will not use the HSRP virtual address as the source address of a packet. And if the IPSec negotiation packet source address is not the peer address then the negotiation will fail.
If you are thinking of the HSRP concept in terms of providing failover capability then it may be possible to create site to site VPN using HSRP concept. On the remote router configure the IPSec with two peer addresses in the set peer statement (and configure an IPSec tunnel on each of the HSRP routers). Then the remote will negotiate one tunnel with the first router as primary and the second router as failover.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide