HSRP Question

Got a question about HRSP:

So I am looking at this:

interface GigabitEthernet0/0
 ip address XXXXXXX
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 standby 1 ip XXXX
 standby 1 priority 120
 standby 1 preempt
 standby 1 name VPNHA
 standby 1 track 1 decrement 20
 standby 1 track 2 decrement 20
 crypto map XXXXXX redundancy XXXXX stateful
 !

My question is under standby 1 track 1, is there a way to see what tracked object this is? I mean, I know you could put a interface in there (which is what I want/probably will do) but I just want to know what command displays the tracked objects.

Also does anyone have any experience with HA IPSEC VPN tunnels, specifically if it can be done without the use of a routing protocol?

Find more posts tagged with

Comments

shodown

I was sending the you to the HSRP configuration guide in IOS 12.4 but the link sends you to cisco's web page.

jason_lunde

Try just 'show track [num]'.
Edit:nvrmind...didnt read your post entirely.

Bl8ckr0uter

shodown wrote: »

Cisco.com Login Page

I was reading this earlier and just reread it. It still doesn't answer my question (or I am missing it). Where are the tracknumber to track object mappings displayed? I have looked all over the running config and I just can't find it.

jason_lunde

so if you do a 'show run | i track' you get no output? Or am I totally missing what you are trying to find?

networker050184

Its for use with the ip sla/rtr feature. So use show ip sla or rtr depending on IOS.

Bl8ckr0uter

jason_lunde wrote: »

so if you do a 'show run | i track' you get no output? Or am I totally missing what you are trying to find?

Ok I am a id10t. This does give me what I was looking for:

track 1 interface GigabitEthernet0/0 line-protocol
track 2 interface GigabitEthernet0/1 line-protocol
 standby 1 track 1 decrement 20
 standby 1 track 2 decrement 20
 standby 1 track 1 decrement 20
 standby 1 track 2 decrement 20

I was doing sh run | in track, | in standby and some other stuff. This config is literally 15 pages long. Thanks guys!

Now about my second question:

Also does anyone have any experience with HA IPSEC VPN tunnels, specifically if it can be done without the use of a routing protocol?

I am starting to think this isn't possible because the "failover" would happen when the routing tables are updated and that would have to happen dynamically. The SR is against using any routing protocols (only a ton of static routes) for some reason. I am thinking the only way we are going to be able to do this is with a routing protocol. I could be very wrong....

If any of you have set up IPSEC HA on multiple routers, what did you use to "failover". Basically in a situation like this:

Internet 
          IPSEC/GRE-----------------------
                                            Router 1 ---------------------
                                                                 InternalRouter
                                            Router 2 -----------------------
         IPSEC/GRE-----------------------
Internet

How could you fail over the tunnels to using one pipe instead of the other in the event of a failure? GLBP with ipsec or something like that?