03-08-2020 11:08 AM
Good day
Please advise me how I can configure the dynamic ip FlexVPN Hub Redundancy Router? Can I use the HSRP or VRRP ?
I have both routers are ISR 4331/K9
WAN prots are L3
LAN Ports are L2
Thanks
03-08-2020 11:16 AM
If both ISR router outside interfaces are connected to a switch and you want to run HSRP on switch and ISR outside interfaces. yes than thats possible.
however, could you explain in more detail what you want?
03-08-2020 11:32 AM
Dear Mr.Sheraz.Salim
Please see the attached Image Router 0 its working fine and i want to add Redundancy Router and when i trying to config the HSRP in LAN its in VLAN1 ?
03-08-2020 11:33 AM - edited 03-08-2020 11:37 AM
Hi,
Your requirements still aren't clear to me from the diagram, are both router 0 and router 1 hub routers? ...and you want to load balance over them?
03-08-2020 11:37 AM
Dear RJI
Thank you for the reply i really appreciated btw i have single ISP its and its dynamic IP also also
03-08-2020 11:42 AM - edited 03-08-2020 11:45 AM
Dear RJI
i just draw the diagram i like to have Redundancy HUB router 1 but Router 1 still not connected and config
like a active and standby router or its can work like a load-balance also its fine for me
thanks
03-08-2020 11:47 AM
Please see the router 0 (HUB ) its active and with 21 branches
HO-FLXVPN#show ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.100.234 YES NVRAM up up
GigabitEthernet0/0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/1/0 unassigned YES unset up up
GigabitEthernet0/1/1 unassigned YES unset down down
GigabitEthernet0/1/2 unassigned YES unset down down
GigabitEthernet0/1/3 unassigned YES unset down down
GigabitEthernet0 unassigned YES NVRAM administratively down down
Virtual-Access1 192.168.250.1 YES unset up up
Virtual-Access2 192.168.250.1 YES unset up up
Virtual-Access3 192.168.250.1 YES unset up up
Virtual-Access4 192.168.250.1 YES unset up up
Virtual-Access5 192.168.250.1 YES unset up up
Virtual-Access6 192.168.250.1 YES unset up up
Virtual-Access7 192.168.250.1 YES unset up up
Virtual-Access8 192.168.250.1 YES unset up up
Virtual-Access10 192.168.250.1 YES unset up up
Virtual-Access11 192.168.250.1 YES unset up up
Virtual-Access12 192.168.250.1 YES unset up up
Virtual-Access13 192.168.250.1 YES unset up up
Virtual-Access14 192.168.250.1 YES unset up up
Virtual-Access15 192.168.250.1 YES unset up up
Virtual-Access16 192.168.250.1 YES unset up up
Virtual-Access17 192.168.250.1 YES unset up up
Virtual-Access18 192.168.250.1 YES unset up up
Virtual-Access19 192.168.250.1 YES unset up up
Virtual-Access20 192.168.250.1 YES unset up up
Virtual-Access21 192.168.250.1 YES unset up up
Virtual-Template23 192.168.250.1 YES unset up down
Vlan1 192.168.250.1 YES NVRAM up up
03-08-2020 11:55 AM
03-08-2020 12:07 PM
Ok, so you have a dynamic IP address on the ISP modem? I assume you are port forwarding to 192.168.100.234?
Yes your right
unfortunately i have single ISP so i done the port forward
i believe in the WAN it will work HSRP but how about the LAN Part ? its in L2 port and Vlan 1 is defending inside the
interface Virtual-Template23 type tunnel
ip unnumbered Vlan1
ip nhrp network-id 23
ip nhrp redirect
tunnel source GigabitEthernet0/0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile POC-IPSEC-PROF-01
03-08-2020 12:12 PM - edited 03-08-2020 12:20 PM
You mean the LAN interface (vlan1)? You can use HSRP on that as well, make sure you use the "track" command inconjunction with HSRP.
Ideally, you should use a loopback interface as the unnumbered interface under the virtual-template rather than vlan1.
On your remote spoke routers ensure you configure Dead Peer Detection (DPD).
03-08-2020 12:54 PM - edited 03-08-2020 12:56 PM
interface GigabitEthernet0/0/0
ip address 192.168.100.235 255.255.255.0
ip nat outside
standby 2 ip 192.168.100.234
standby 2 priority 110
standby 2 preempt
standby 2 track 1 decrement 10
negotiation auto
interface GigabitEthernet0/1/2
ip address 192.168.250.3 255.255.255.0
ip nat inside
standby 1 ip 192.168.250.1
standby 1 priority 110
standby 1 preempt
standby 1 track 1 decrement 10
negotiation auto
interface Virtual-Template23 type tunnel
no ip address
ip unnumbered Vlan1 (??????????????)
ip nhrp network-id 23
ip nhrp redirect
tunnel source GigabitEthernet0/0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile POC-IPSEC-PROF-01
Now im removed the Vlan 1 and plaing to user LAN port also L3 port so i configred and how about the interface Virtual-Template23 type tunnel
i want the land getaway as default standby 1 ip 192.168.250.1
Please advise me
03-09-2020 02:19 AM
03-09-2020 07:17 AM
hi
you mean like this ?
interface GigabitEthernet0/0/0
ip address 192.168.100.235 255.255.255.0
ip nat outside
standby 2 ip 192.168.100.234
standby 2 priority 110
standby 2 preempt
standby 2 track 1 decrement 10
negotiation auto
interface Virtual-Template23 type tunnel
ip unnumbered Vlan1
ip nhrp network-id 23
ip nhrp redirect
tunnel source GigabitEthernet0/0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile POC-IPSEC-PROF-01
!
interface Vlan1
ip address 192.168.250.3 255.255.255.0
standby 1 ip 192.168.250.1
standby 1 timers msec 15 msec 50
standby 1 preempt
standby 1 track 2 decrement 10
03-09-2020 08:16 AM
03-09-2020 10:51 AM
Thank you RJI
not yet i tested in my lap btw how about the active and standby can syn its self ? i mean if i do changes in active router it will be reflective in standby router also ?
Please advise me
thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide