Problem VRRP or HSRP in WAN interface and fail VPN ipsec

Manuel Martinez · ‎05-04-2011

I have a cuestion and a problem,

A customer they have principal office a one router 891 and 30 remote office, they use for connect with this principal site VPN ipsec.

Today need high avalability in the side WAN and use the same ISP (internet IP private address), and propose an other routers 891 and one switch (Attach pic of the topology).

We design a VRRP in the side WAN and LAN, in the two routers.

In the side LAN, the VRRP function correctly if the router 1 (master) fail, the router 2 (slave) is activate. And the router 1 return, they have a control master again.

We have a two problems:

1) In the WAN don´t function, when the router 1 (master) fail, the router 2(slave) is active that is ok, but when router 1 return, they don´t have a control again, is necesary reset completly the router 1 for take a control master again.

Q. What append, the VRRP don't funtion in WAN interface??? Is necesary configured HSRP?? We need switch of the control to the router 2(slave) interfaces (LAN and WAN) in the same time.

2) The configured in the WAN is VRRP, we configured one remote site for test and try connected in VPN ipsec to the pincipal site, this remote site configured the IP private virtual of the VRRp array but can't connected. If configure the real IP private of the router 1 (master), in the remote site, this site connected.

Q. Why the remote site, don't connected VPN ipsec?. I need High availability in WAN, because if the router 1 (master) fail, the router 2 (slave) take the control and the remote site connected with it.

I hope, can help me and suggest me.

Regards.