[c-nsp] GRE Tunnels to HSRP virtual IP?
Ed Ravin
eravin at panix.com
Mon Jul 17 16:53:03 EDT 2006
On Mon, Jul 17, 2006 at 03:37:54PM -0500, Eric Helm wrote:
Tunnel interfaces, by default are "up" regardless of whether they're
actually working. Put "tunnel keepalive" in the interface description
on both sides.
> Config snip for both sides:
> interface Tunnel100
> ip address 192.0.0.XXX 255.255.255.252
> ip mtu 1500
> tunnel source XXX.XXX.XXX.YYY
> tunnel destination XXX.XXX.XXX.XXX
>
> If I configure the tunnel to the actual IP assigned to the interface on
> the HSRP router, it works fine. Essentially, what I am needing is a VPN
> from the remote side to the HSRP router(s). If I need to configure 2
> tunnels, one to each routers actual IP, what is the best method to
> handle the routing to the remote subnet?
I suspect you need two tunnels - the virtual IP addresses provided by
HSRP are meant for end hosts to use as forwarding routers - and that's
it. Even if it worked, such "overloading" of the HSRP virtual IP address
is bound to get you into trouble.
Try setting up two tunnels, and in your IGP, mark the tunnel to the
standby router as being a less desirable route. That way, it should
only be used if the primary router goes south.
More information about the cisco-nsp
mailing list