Hi all,
I was trying to implement a VPN between my Cisco 1605 and FW-1 (fail-over configuration). I've seen some issues and maybe someone can shed some light.

First, I use a DES+MD5 VPN and it works only with one of the FW-1s. Each FW-1 has its own IP and they also share a VRRP IP address. All the attempts to establish a VPN between my Cisco and this "shared" address have failed. Because only one of them is currently answering my Cisco, when the Cisco sees that the reply it gets has a different IP address from the peer it has to talk to, it simply doesn't establish the ISAKMP channel.

I'll try to explain it:

FW-1.1 - IP address 10.0.0.1
FW-1.2 - IP address 10.0.0.2
VRRP IP address of both of them - 10.0.0.3
Cisco 1605 - 192.168.0.1

So what happens:

Cisco's peer is 10.0.0.3 -> I get a reply from the current master FW-1 (for example 10.0.0.1), so as it follows, it doesn't work.
Cisco's peer is 10.0.0.1 -> the channel is established and everything goes fine, but I lose the fail-over thing here.

Any clues what should be changed in this configuration?

Thanks.
Daniel Mester.