107.55.9
Names the IP address of
the remote tunnel endpoint
Edmonton(config-if)#tunnel mode ipsec ipv4 Sets IPsec using IPv4 as
the encapsulation mode
for the tunnel interface
Edmonton(config-if)#tunnel protection ipsec
profile PROFILE-1
Associates the tunnel
interface with the IPsec
pro?¬?le
Con?¬?guring High Availability VPNs 57
Con?¬?guring High Availability VPNs
Figure 4-4 shows the network topology for IPSec stateful failover using the Hot Standby
Router Protocol (HSRP).
Figure 4-4 HSRP Stateful Failover
The programming steps for con?¬?guring a router (for this example, the HSRP1 and HSRP2
routers) for IPsec HRSP stateful failover are as follows:
Step 1. Configure Hot Standby Router Protocol on HSRP1.
Step 2. Configure site-to-site VPN on HSRP1.
Step 3. Add programming for crypto redundancy configuration.
Step 4. Define the interdevice communication protocol (HSRP1 and HSRP).
Step 5. Apply the programming at the interface.
Corporate
Headquarters
Branch Office
e 2/0
10.10.30.1/24
Fa0/0
128.107.55.2/28
VIP
10.10.20.3/24
Fa0/1
10.10.20.2/24
Fa0/0
10.10.20.13/24
Fa0/0
10.10.40.1/24
HSRP1
HSRP2
LAN
10.10.40.0/24
Winnipeg
Workstation 1
10.10.40.10/24
WS1
Border1
LAN
10.
Pages:
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64