Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1998
Views
0
Helpful
3
Replies

IPSec Tunnel backup using VRRP on Cisco 831- it is possible?

csarafoleanu
Level 1
Level 1

‎09-01-2006 04:31 AM - edited ‎02-21-2020 02:36 PM

Hi.

I want to find out if it is possible (and if so, the how?) what I asked above.

I have 3 Cisco 831 (R1, R2 and R3)routers connected through a Cisco 3750 Switch (no routing here). So, only one interface is used on the each router (Eth).

There is the data:

- R1 and R2 are using VRRP

- Between R3 and R2 there is a GRE Tunnel with IPSec (using isakmp).

So far so good :), the problem is:

- when R2 (witch is VRRP Master) goes down, I want R3 router to establish a new GRE Tunnel with IPSec (using isakmp) with R1 (witch in the meantime became VRRP Master), so that R3 can have now a Tunnel with R1.

The problem is that when R2 goes down, the new IPSec Tunnel between R3 and R1 doesn't go up.

On R1 I am using the same Tunnel IP address (10.0.1.2) as the IP address on R2. On the Eth routers interfaces I am using IP from 172.16.3.0/24 prefix.

I've tried different configuration on R3 and R1, but nothing worked so far..

Can it be done?

Labels:
0 Helpful
3 Replies 3

a-vazquez
Level 6
Level 6

‎09-07-2006 08:47 AM

Use these commands to configure interface tunnel 0,ip address ip-address subnet-mask ,tunnel source ethernet 1,tunnel destination default-gateway-ip-address.For more info refer the following URL

http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a0080118d1a.html#wp1087248

0 Helpful

csarafoleanu
Level 1
Level 1
In response to a-vazquez

‎09-10-2006 10:48 PM

Hi.

Thx for the info and link, but I allready have the tunnels set :), the problem was that the second tunnel doesn't go up when needed (when vrrp master goes down).

In a meanwhile, I've changed the configs, no VRRP anymore. Instead, I use now specific OSPF cost on tunnels interfaces and OSPF with tunnels prefixes, so that I can chose a prefered path for my packets. When a neighbour goes down, the traffic is switched to another route, the one with a higher cost.

I only hope it's OK :D, in lab it seems to work just fine.

I will atach a picture with my actual lab diagram and maybe U can give an opinion... :)

0 Helpful

csarafoleanu
Level 1
Level 1
In response to csarafoleanu

‎09-10-2006 10:54 PM

Here is the picture:

Preview file
321 KB
0 Helpful
Customers Also Viewed These Support Documents