Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
396
Views
0
Helpful
3
Replies

IPSec Site to Site VPN in HSRP environment

Sandesh Pudasaini
Level 1
Level 1

‎02-20-2019 09:48 PM

Hello,

I am trying to do IPSec site to site vpn between to sites  that is Site A and site B as described in diagram.

Please assist how to deploy VPN in this secnario. Both site has virtual IP address of HSRP. 

Do we need to create VPN parameters in both routers i.e Site A (R1 and R2) and Site B (R3 and R4).

Hoping for optimize and ideal solution for this scenario. Which routing protocol should be run as i have configured static route.

Labels:
Preview file
83 KB
0 Helpful
3 Replies 3

Deepak Kumar
VIP Alumni
VIP Alumni

‎02-20-2019 11:40 PM

Hi,

I never tested this is in labor real life. Why are you configured HSRP on WAN interface? Is there any internal server published on the WAN?

As per my understanding, you required two VPN tunnels from each router. One VPN will be terminated from R1 to R3 and R1 to R4 and vice versa. You have to configure for same from R2 also. You can use IPSLA from monitoring routing for the VPN. 

 

I am not sure a VPN group will help in this case. Let me try in a lab and will come back on tomorrow.

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Sandesh Pudasaini
Level 1
Level 1
In response to Deepak Kumar

‎02-22-2019 01:14 AM

Hi Deepak,

Is there any issue with design consideration, please suggest. Or would it be possible to put R1 and R1 in HA ? 

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Sandesh Pudasaini

‎02-22-2019 08:12 AM

Hi,

My suggestions are below:

 

Configure Dual HUB DMVPN with IPSec protection setup and run the OSPF or EIGRP. 

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/41940-dmvpn.html#dualhubsingle

 

It is tested in my lab and will work.

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card