cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
482
Views
0
Helpful
1
Replies

HSRP Problem with High Availability IPSec

fawad.alam
Level 1
Level 1

I am using HSRP as part of High Availability IPSec to ensure head-end IPSec peer address is always available.

I am applying CRYPTO MAP command on interface with REDUNDANCY keyword to achieve the deisred result.

It is working for me as I see the IPsec peers get established using HSRP virtual IP address on Site A & B.

The problem : I was dropping packets frequesntly. When I looked at the HSRP active standby status on the two routers at site A for the interface configured with REDUNDANCY keyword, both routers are showing active for the standby group and remote router is shown as unknown. I see same problem at Site B.

What is required under the HSRP configuration along with REDUNDANCY Keyword. I can not ping the interface of the HSRP group peer as well on both sites.

Any help would be highly appreciated.

Thanks..Alam

1 Reply 1

ehirsel
Level 6
Level 6

Please post the relevant parts of the HSRP config for the routers at site A, so that I or someone else can help you further; I suspect that both sites have the problem for the same reason.

It is important to note that HSRP in basic form works, that is each router should see each other router's HSRP packets. Each router interface that participates in the same group needs to be on the same vlan and ip subnet. Check that that is the case for the routers at sites A and B.

Let me know what you find.