![]() Stateful switchover (SSO) is an IOS feature which can provide inter-device service synchronization and stateful failover. Group name is "BRANCH-5-TUNNEL" (cfgd) Enabling SSO Mac ipsecuritas cisco asa no xauth mac#Local virtual MAC address is 01 (v1 default) Verify that HSRP is functioning before proceeding:Ģ state changes, last state change 00:00:11Īctive virtual MAC address is 01 R2(config-if)# standby 1 name BRANCH-5-TUNNELįurther HSRP configuration tweaks, such as setting custom timers or adding interface tracking can be accomplished as you would expect (and would be recommended for a real-world deployment). R1(config-if)# standby 1 name BRANCH-5-TUNNEL We can use IOS's stateful IPsec failover feature to dual-home a single IPsec tunnel from the branch router (R4) to the two distribution routers (R1 and R2) using HSRP and SSO.įirst, an HSRP group must be configured on the two distribution routers: The branch pictured is just one of dozens which are to be configured similarly. Cisco IOS offers an alternative approach using a feature known as stateful IPsec failover to terminate an IPsec tunnel on multiple devices at one or both ends for failover.Ĭonsider the following topology of a branch site connected to a corporate headquarters: While simple, this approach means maintaining twice the configuration and consuming twice the address space. One way to provide failover for IPsec tunnels is to simply configure two independent tunnels between two sites. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |