Options
HSRP Question
Bl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
in CCNP
Got a question about HRSP:
So I am looking at this:
Also does anyone have any experience with HA IPSEC VPN tunnels, specifically if it can be done without the use of a routing protocol?
So I am looking at this:
interface GigabitEthernet0/0 ip address XXXXXXX ip nat outside ip virtual-reassembly duplex auto speed auto standby 1 ip XXXX standby 1 priority 120 standby 1 preempt standby 1 name VPNHA standby 1 track 1 decrement 20 standby 1 track 2 decrement 20 crypto map XXXXXX redundancy XXXXX stateful !My question is under standby 1 track 1, is there a way to see what tracked object this is? I mean, I know you could put a interface in there (which is what I want/probably will do) but I just want to know what command displays the tracked objects.
Also does anyone have any experience with HA IPSEC VPN tunnels, specifically if it can be done without the use of a routing protocol?
Comments
-
Options
shodown
Member Posts: 2,271
-
Optionsjason_lunde
Member Posts: 567
Try just 'show track [num]'.
Edit:nvrmind...didnt read your post entirely. -
OptionsBl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
I was reading this earlier and just reread it. It still doesn't answer my question (or I am missing it). Where are the tracknumber to track object mappings displayed? I have looked all over the running config and I just can't find it. -
Optionsjason_lunde
Member Posts: 567
so if you do a 'show run | i track' you get no output? Or am I totally missing what you are trying to find?
-
Options
networker050184
Mod Posts: 11,962 Mod
Its for use with the ip sla/rtr feature. So use show ip sla or rtr depending on IOS.An expert is a man who has made all the mistakes which can be made. -
OptionsBl8ckr0uter
Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
jason_lunde wrote: »so if you do a 'show run | i track' you get no output? Or am I totally missing what you are trying to find?
Ok I am a id10t. This does give me what I was looking for:track 1 interface GigabitEthernet0/0 line-protocol track 2 interface GigabitEthernet0/1 line-protocol standby 1 track 1 decrement 20 standby 1 track 2 decrement 20 standby 1 track 1 decrement 20 standby 1 track 2 decrement 20
I was doing sh run | in track, | in standby and some other stuff. This config is literally 15 pages long. Thanks guys!
Now about my second question:
I am starting to think this isn't possible because the "failover" would happen when the routing tables are updated and that would have to happen dynamically. The SR is against using any routing protocols (only a ton of static routes) for some reason. I am thinking the only way we are going to be able to do this is with a routing protocol. I could be very wrong....Also does anyone have any experience with HA IPSEC VPN tunnels, specifically if it can be done without the use of a routing protocol?
If any of you have set up IPSEC HA on multiple routers, what did you use to "failover". Basically in a situation like this:Internet IPSEC/GRE----------------------- Router 1 --------------------- InternalRouter Router 2 ----------------------- IPSEC/GRE----------------------- InternetHow could you fail over the tunnels to using one pipe instead of the other in the event of a failure? GLBP with ipsec or something like that?
