Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3383
Views
50
Helpful
24
Replies

dynamic ip FlexVPN Hub Redundancy Router

katheer_4u
Level 1
Level 1

‎03-08-2020 11:08 AM

 

 

Good day

Please advise me how I can configure the dynamic ip FlexVPN Hub Redundancy Router? Can I use the HSRP or VRRP ?

I have both routers are ISR 4331/K9

WAN prots are L3

LAN Ports are L2

 

Thanks 

Labels:
Preview file
4 KB
0 Helpful
24 Replies 24

Sheraz.Salim
VIP
VIP

‎03-08-2020 11:16 AM

If both ISR router outside interfaces are connected to a switch and you want to run HSRP on switch  and ISR outside interfaces. yes than thats possible.

 

however, could you explain in more detail what you want?

please do not forget to rate.

katheer_4u
Level 1
Level 1
In response to Sheraz.Salim

‎03-08-2020 11:32 AM

Dear Mr.Sheraz.Salim

 

Please see the attached Image Router 0 its working fine and i want to add Redundancy Router and when i trying to config the HSRP in LAN its in VLAN1 ? 

 

Preview file
35 KB
0 Helpful

Rob Ingram
VIP
VIP

‎03-08-2020 11:33 AM - edited ‎03-08-2020 11:37 AM

Hi,

Your requirements still aren't clear to me from the diagram, are both router 0 and router 1 hub routers? ...and you want to load balance over them?

 

katheer_4u
Level 1
Level 1
In response to Rob Ingram

‎03-08-2020 11:37 AM

Dear RJI

 

Thank you for the reply i really appreciated btw i have single ISP its and its dynamic IP also also

0 Helpful

katheer_4u
Level 1
Level 1
In response to Rob Ingram

‎03-08-2020 11:42 AM - edited ‎03-08-2020 11:45 AM

Dear RJI

 

i just draw the diagram i like to have Redundancy HUB router 1 but Router 1 still not connected and config

 

like a active and standby router or its can work like a  load-balance  also its fine for me 

 

thanks 

0 Helpful

katheer_4u
Level 1
Level 1
In response to katheer_4u

‎03-08-2020 11:47 AM

Please see the router 0 (HUB ) its active and with 21 branches 

 

HO-FLXVPN#show ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.100.234 YES NVRAM up up
GigabitEthernet0/0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/1/0 unassigned YES unset up up
GigabitEthernet0/1/1 unassigned YES unset down down
GigabitEthernet0/1/2 unassigned YES unset down down
GigabitEthernet0/1/3 unassigned YES unset down down
GigabitEthernet0 unassigned YES NVRAM administratively down down
Virtual-Access1 192.168.250.1 YES unset up up
Virtual-Access2 192.168.250.1 YES unset up up
Virtual-Access3 192.168.250.1 YES unset up up
Virtual-Access4 192.168.250.1 YES unset up up
Virtual-Access5 192.168.250.1 YES unset up up
Virtual-Access6 192.168.250.1 YES unset up up
Virtual-Access7 192.168.250.1 YES unset up up
Virtual-Access8 192.168.250.1 YES unset up up
Virtual-Access10 192.168.250.1 YES unset up up
Virtual-Access11 192.168.250.1 YES unset up up
Virtual-Access12 192.168.250.1 YES unset up up
Virtual-Access13 192.168.250.1 YES unset up up
Virtual-Access14 192.168.250.1 YES unset up up
Virtual-Access15 192.168.250.1 YES unset up up
Virtual-Access16 192.168.250.1 YES unset up up
Virtual-Access17 192.168.250.1 YES unset up up
Virtual-Access18 192.168.250.1 YES unset up up
Virtual-Access19 192.168.250.1 YES unset up up
Virtual-Access20 192.168.250.1 YES unset up up
Virtual-Access21 192.168.250.1 YES unset up up
Virtual-Template23 192.168.250.1 YES unset up down
Vlan1 192.168.250.1 YES NVRAM up up

0 Helpful

Rob Ingram
VIP
VIP
In response to katheer_4u

‎03-08-2020 11:55 AM

Ok, so you have a dynamic IP address on the ISP modem? I assume you are port forwarding to 192.168.100.234?

I guess you could port forward to an HSRP address that is configured on both router 0 and 1 that might work, this would obviously be active/standby.
Ideally you'd have 2 public IP addresses on your modem, with a 1-2-1 nat for each hub router.

katheer_4u
Level 1
Level 1
In response to Rob Ingram

‎03-08-2020 12:07 PM

Ok, so you have a dynamic IP address on the ISP modem? I assume you are port forwarding to 192.168.100.234?

 

Yes your right 

 

 

unfortunately i have single ISP so i done the port forward
i believe in the WAN it will work HSRP but how about the LAN Part ? its in L2 port and Vlan 1 is defending inside the

interface Virtual-Template23 type tunnel
ip unnumbered Vlan1
ip nhrp network-id 23
ip nhrp redirect
tunnel source GigabitEthernet0/0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile POC-IPSEC-PROF-01

 

 

0 Helpful

Rob Ingram
VIP
VIP
In response to katheer_4u

‎03-08-2020 12:12 PM - edited ‎03-08-2020 12:20 PM

You mean the LAN interface (vlan1)? You can use HSRP on that as well, make sure you use the "track" command inconjunction with HSRP.

Ideally, you should use a loopback interface as the unnumbered interface under the virtual-template rather than vlan1.

On your remote spoke routers ensure you configure Dead Peer Detection (DPD).

katheer_4u
Level 1
Level 1
In response to Rob Ingram

‎03-08-2020 12:54 PM - edited ‎03-08-2020 12:56 PM

 


interface GigabitEthernet0/0/0
ip address 192.168.100.235 255.255.255.0
ip nat outside
standby 2 ip 192.168.100.234
standby 2 priority 110
standby 2 preempt
standby 2 track 1 decrement 10
negotiation auto

 

interface GigabitEthernet0/1/2
ip address 192.168.250.3 255.255.255.0
ip nat inside
standby 1 ip 192.168.250.1
standby 1 priority 110
standby 1 preempt
standby 1 track 1 decrement 10
negotiation auto



interface Virtual-Template23 type tunnel
no ip address
ip unnumbered Vlan1 (??????????????)
ip nhrp network-id 23
ip nhrp redirect
tunnel source GigabitEthernet0/0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile POC-IPSEC-PROF-01

Now im removed the Vlan 1 and plaing to user LAN port also L3 port so i configred and how about the interface Virtual-Template23 type tunnel

i want the land getaway as default  standby 1 ip 192.168.250.1 

 

 

Please advise me 

 

 

 

0 Helpful

Rob Ingram
VIP
VIP
In response to katheer_4u

‎03-09-2020 02:19 AM

It is optional to use a loopback as the unnumbered interface, it is preferred as a loopback interface will always be up, but a vlan may not be.

The LAN default gateway would be 192.168.250.1 if you've defined at as the standby IP address on both routers.

katheer_4u
Level 1
Level 1
In response to Rob Ingram

‎03-09-2020 07:17 AM

hi

you mean like this ?

 

interface GigabitEthernet0/0/0
ip address 192.168.100.235 255.255.255.0
ip nat outside
standby 2 ip 192.168.100.234
standby 2 priority 110
standby 2 preempt
standby 2 track 1 decrement 10
negotiation auto


interface Virtual-Template23 type tunnel
ip unnumbered Vlan1
ip nhrp network-id 23
ip nhrp redirect
tunnel source GigabitEthernet0/0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile POC-IPSEC-PROF-01
!
interface Vlan1
ip address 192.168.250.3 255.255.255.0
standby 1 ip 192.168.250.1
standby 1 timers msec 15 msec 50
standby 1 preempt
standby 1 track 2 decrement 10

 

 

 

0 Helpful

Rob Ingram
VIP
VIP
In response to katheer_4u

‎03-09-2020 08:16 AM

Seems alright, have you tested it in your lab?

katheer_4u
Level 1
Level 1
In response to Rob Ingram

‎03-09-2020 10:51 AM

Thank you  RJI

not yet i tested in my lap btw how about the active and standby can syn its self ? i mean if i do changes in active router it will be reflective in standby router also ?

 

Please advise me 

 

thanks 

 

0 Helpful
Customers Also Viewed These Support Documents