A loopback interface is being used as the source/endpoint for IPsec (policy-based) tunnels, let's say Lo20. Identical tunnels are configured on two ISR 4k routers, Rtr1 and Rtr2 (running HSRP), with the same IP for the tunnel source/endpoint Loopback20. The tunnel loopback is dynamically advertised with a higher cost from Rtr2 in OSPF. Remotes (non-Cisco APs) request/initiate IPsec tunnel negotiations and have IKE and IPsec timers set to Cisco defaults of 3600 and 86400. Dynamic VPNs and IKE version 1 are being used. The routers are running one of the recent (less than a year old) Cisco-recommended Gold star images. All VPNs are site-to-site.
When the uplink interface is shut on Rtr1, HSRP fails over between the routers; however, the tunnels do not fail over until they are cleared on Rtr1. Any suggestions? If more info is needed, please let me know.
Thanks,
Param