This is heady - DMVPN / HSRP

Discussion in 'Cisco' started by V. Evans, Nov 18, 2005.

  1. V. Evans

    V. Evans Guest

    I am trying to mix two Cisco technologies and I am not have much luck,
    but I am pretty confident what I am trying to do can be done. Here's
    the setup:

    My company has two Cisco 2800 routers with IPSec and FW IOS, which are
    used for shared VPN services. They only have two fastethernet
    interfaces, which are sub-interfaced for various customers (trunking).
    I am wanting to run HSRP on both the inside and outside - no problem. I
    also want to create DMVPN connections for some customers. That, in
    itself is no problem.....

    The problem is mixing HSRP (and the IPSec redundancy features with
    replicating the SA database between two routers) with DMVPN and more
    specifically with the Tunnel interface(s) created with GRE Multicast.

    Since my two VPN routers will have one HSRP address, which will end up
    being the public address used by customers as the VPN peer address, how
    is this one address referenced / related to the GRE tunnels that are
    created? You can't create standby ip's on Tunnel interfaces, however it
    seems to me you would need to be able to do that somehow.

    One option I was thinking about is that, since one of my VPN routers
    will be a standby device (not active with HSRP address), then maybe I
    could give that router's tunnel interface the same IP address as that
    of the tunnel interface on the active router. In theory, this would not
    necessarily cause a duplicate-IP issue because that router isn't
    answering for packets destined for the standby ip anyway.

    I don't want to get too deep - I probably haven't explained it very
    well, but I am setting this up and I am basically stuck. My tunnel
    interfaces are up, but line protocol is down with a message that the
    interface doesn't know the destination point of the tunnel subnet.
    V. Evans, Nov 18, 2005
    #1
    1. Advertising

  2. V. Evans

    Merv Guest

    Merv, Nov 18, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Garry Glendown

    OSPF routing over DMVPN tunnel ...

    Garry Glendown, Nov 14, 2003, in forum: Cisco
    Replies:
    4
    Views:
    6,842
    Scooby
    Nov 15, 2003
  2. Christian Knoblauch

    DMVPN and duplicate subnets

    Christian Knoblauch, Dec 23, 2003, in forum: Cisco
    Replies:
    0
    Views:
    611
    Christian Knoblauch
    Dec 23, 2003
  3. Adrian

    827-4V and DMVPN??

    Adrian, Dec 23, 2003, in forum: Cisco
    Replies:
    0
    Views:
    552
    Adrian
    Dec 23, 2003
  4. j

    EIGRP and DMVPN

    j, Jun 18, 2004, in forum: Cisco
    Replies:
    2
    Views:
    3,403
  5. Glenn Rowe

    DMVPN Help

    Glenn Rowe, Sep 13, 2004, in forum: Cisco
    Replies:
    0
    Views:
    609
    Glenn Rowe
    Sep 13, 2004
Loading...

Share This Page