[c-nsp] IPsec Stateful Failure question
Ronan Mullally
ronan at iol.ie
Thu Nov 5 07:17:34 EST 2009
Before I jump in both feet first and try configuring it, the Stateful
Failure for IPsec guide (12.4) says:
"A stateful failover crypto map applied to an interface in a VRF instance
is not supported. However, VRF-aware IPSEC features are supported when a
stateful failover crypto map is applied to an interface in the global
VRF".
If I read this right, then configuring things like this:
interface Port-channel1.106
description Customer X VPN - Front Door VRF
mtu 1600
encapsulation dot1Q 106
ip vrf forwarding f-CustomerX
ip address 1.2.3.4 255.255.255.248
ip mtu 1500
standby 106 ip 1.2.3.5
standby 106 follow vpn-vip
standby 106 name f-customerx-vip
crypto map CustomerX redundancy f-customerx-vip
end
Means I'm not going to be able to do stateful failover, correct?
-Ronan
More information about the cisco-nsp
mailing list