02-03-2016 11:43 AM - edited 02-21-2020 08:39 PM
Hi all,
I have a Hub nd Spoke VPN architecture realized with sVTI, IKEv1 and IPsec.
My hub is connected to a single ISP.
I'd like to have an hardware redundancy for my hub.
Instead of creating a double tunnel in each spoke i'd like to use a failover protocol over my 4000ISR router.
Is there a way to realize it simply?
If I use IOS IPsec failover do I have to deploy my changes on both router or (like ASA) I may configure the active router and let the standby receive the chenges?
Thank you all.
Johnny
Solved! Go to Solution.
02-05-2016 12:56 AM
If your ISP connection is one that has a routed block, and you can plug two of the same routers into it, then you can configure HSRP.
The Tunnel source becomes the HSRP address. Spokes don't have to know that there are two routers.
Easy failover.
You can also have a single tunnel with dual hubs (if you don't use HSRP). You don't to use dual tunnels.
02-05-2016 12:56 AM
If your ISP connection is one that has a routed block, and you can plug two of the same routers into it, then you can configure HSRP.
The Tunnel source becomes the HSRP address. Spokes don't have to know that there are two routers.
Easy failover.
You can also have a single tunnel with dual hubs (if you don't use HSRP). You don't to use dual tunnels.
02-05-2016 12:59 AM
Thank you Philip,
My ISP is unique so I can use HSRP.
How can I use single tunnel with dual HUB?
Tks again
Johnny
02-05-2016 01:06 AM
On the spoke double up on the NHRP lines. The hubs have a couple of options. You can deploy them as plain hubs, or you can get a little more advanced, and make them NHRP clients of each other.
interface Tunnel x
ip nhrp map multicast <hub1 public IP>
ip nhrp map multicast <hub2 public IP>
ip nhrp map <hub1 tunnel IP> <hub1 public IP>
ip nhrp map <hub2 tunnel IP> <hub2 public IP>
ip nhrp nhs <hub1 tunnel IP>
ip nhrp nhs <hub2 tunnel IP>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide