vrrp routing when wan side fails

pietervangool · ‎10-23-2020

Hi all

me and a friend have setup a little network for a friend and it works fine. after that we snowballed thinking about stuff we could do in the future.

we came up with a setup (shown in de diagram) and think this could work although we have some questions we cant figure out.

On the wan side we have an ipsec tunnel to another router. The routes are static and have a different metric.

VPN1 is connected to the VRRP leader and VPN2 to the slave. If a packet is send to the DGW (VIP address of the VRRP) it should go to the upper router (the one with vpn1) but the WAN side or just the ipsec tunnels are offline. How is traffic routed to the 2nd router ??

I just cant figure it out.

im sorry if my questions are not that smart, im not a network expert.

KR
Pieter

balaji.bandi · ‎10-23-2020

VRRP has limited functionality, is there any reason you need only VRRP, or HSRP can be deployed?

here is an example :

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/17826-ipsec-feat.html#afterhsrp

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

pietervangool · ‎10-23-2020

Hi

Thanks for the reply. The setup is a mockup and not going to be used.

I Just want to Know if the system how we set it up is able to work and/or what need to be done/added to make it work.

Kr

Pieter

balaji.bandi · ‎10-23-2020

Since you want stick on to VRRP and make corrections to work, then I was thinking you can have tracking of the interface and decrement priority slave(backup) to become master.

# track 1 interface x/x line-protocol (this can be VPN or Physical interface)

# vrrp 1 priority 120
# vrrp 1 track 1 decrement 15

also, suggest posting the configuration - what is configured so we can tweak.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help