VPN Redundancy with HSRP on WAN


  • VPN Redundancy with HSRP on WAN

    I'm wondering if someone here might be able to help with this config.
    I have a Headquarters and a single remote site. The remote site has two ISPs and two routers running in an HSRP group on the LAN and WAN side.

    I'm having trouble adding VPN between the sites. I can add the second peer to the crypto map at the headquarters but when I try to add it to the remote site I get an error. It basically won't allow me to tie the crypto map to two different HSRP groups. Error says: "Crypto Map already applied with another redundancy name"

    Here's a similar config (but without dual routers/HSRP groups):
    "https://supportforums.cisco.com/community/netpro/security/vpn/blog/2011/04/25/ipsec-vpn-redundancy-failover-over-redundant-isp-links"


    See the attached pic and config below.

    CONFIGS

    R1

    crypto map HQT-VPN
    set peer 3.3.3.3

    routing to peer 3.3.3.3 done using ipsla and weighted static routes

    fa0/0
    ip address 1.1.1.1 255.255.255.248
    standby 1 ip 1.1.1.3
    standby 1 preempt
    standby 1 priority 145
    standby 1 name WANHSRP
    crypto map HQT-VPN redundancy WANHSRP

    fa0/1
    ip address 2.2.2.1 255.255.255.248
    standby 2 ip 2.2.2.3
    standby 2 preempt
    standby 2 priority 145
    standby 2 name WANHSRP2
    {crypto map HQT-VPN redundancy WANHSRP2}
    {error says: Crypto Map already applied with another redundancy name}


    -------------------------------------------------
    R2

    crypto map HQT-VPN
    set peer 3.3.3.3

    fa0/0
    ip address 1.1.1.2 255.255.255.248
    standby 1 ip 1.1.1.3
    standby 1 preempt
    standby 1 priority 145
    standby 1 name WANHSRP
    crypto map HQT-VPN redundancy WANHSRP

    fa0/1
    ip address 2.2.2.2 255.255.255.248
    standby 2 ip 2.2.2.3
    standby 2 preempt
    standby 2 priority 145
    standby 2 name WANHSRP2
    {crypto map HQT-VPN redundancy WANHSRP2}
    {error says: Crypto Map already applied with another redundancy name}

  • #2
    Re: VPN Redundancy with HSRP on WAN

    This link may help you out.

    http://blog.ine.com/2008/11/06/ipsec...ity-with-hsrp/
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)



    • #3
      You can add this:

      two crypto maps [HQT-VPN and HQT-VPN2]

      crypto map HQT-VPN2

      fa0/1
      ip address 2.2.2.2 255.255.255.248
      standby 2 ip 2.2.2.3
      standby 2 preempt
      standby 2 priority 145
      standby 2 name WANHSRP2
      crypto map HQT-VPN2 redundancy WANHSRP2
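
Added example, not part of the original thread or any poster's config: a small Python pre-check for the condition behind the "Crypto Map already applied with another redundancy name" error, run against the single-map layout from the first post and the two-map layout from reply #3. The sample config is constructed from R1 with the `interface` keyword added, and `parse` and `lint` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample based on R1 in the first post ("interface" keyword added).
SAMPLE_R1 = """\
interface fa0/0
 standby 1 name WANHSRP
 crypto map HQT-VPN redundancy WANHSRP
interface fa0/1
 standby 2 name WANHSRP2
 crypto map HQT-VPN redundancy WANHSRP2
"""
# Reply #3's layout: a second crypto map name for the second HSRP group.
FIXED_R1 = SAMPLE_R1.replace("HQT-VPN redundancy WANHSRP2", "HQT-VPN2 redundancy WANHSRP2")

IFACE = re.compile(r"^interface\s+(\S+)")
STANDBY = re.compile(r"^standby\s+\d+\s+name\s+(\S+)")
CMAP = re.compile(r"^crypto map\s+(\S+)\s+redundancy\s+(\S+)")

def parse(config):
    """Map each interface to its standby names and (crypto map, redundancy name) bindings."""
    ifaces, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := IFACE.match(line):
            cur = ifaces.setdefault(m.group(1), {"groups": set(), "maps": []})
        elif not raw[:1].isspace():
            cur = None  # any other unindented line ends the interface stanza
        elif cur is not None:
            if m := STANDBY.match(line):
                cur["groups"].add(m.group(1))
            elif m := CMAP.match(line):
                cur["maps"].append((m.group(1), m.group(2)))
    return ifaces

def lint(config):
    """Return findings; an empty list means no redundancy-binding problems were found."""
    findings, names_per_map = [], defaultdict(set)
    for iface, data in parse(config).items():
        for cmap, red in data["maps"]:
            names_per_map[cmap].add(red)
            # Assumption: the redundancy name must be a standby name on the same interface.
            if red not in data["groups"]:
                findings.append(f"{iface}: {cmap} uses undefined standby name {red}")
    for cmap, names in names_per_map.items():
        if len(names) > 1:  # the condition behind the error quoted in the first post
            findings.append(f"{cmap}: applied with multiple redundancy names {sorted(names)}")
    return findings
```

`lint(SAMPLE_R1)` reports the HQT-VPN conflict, while `lint(FIXED_R1)` returns an empty list.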



      • #4
        You should always try to avoid running FHRP on internet edge routers, and use routing from your core to them to distribute the traffic efficiently.

