Hi Tyson/Brandon I have AIM-VPN/EPII-Plus enabled on both the routers.
I went through the stateful IPSec of IPexpert lab. The configuration that I am using now is same as the example given in the following link. The only difference is that I have enabled HSRP on only one interface. The local ip/remote ip are off the interface which has HSRP and cryptp map. http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_failover_ipsec_ps6441_TSD_Products_Configuration_Guide_Chapter.html With regards Kings On Tue, Apr 6, 2010 at 10:27 PM, Kingsley Charles < [email protected]> wrote: > All the ISRs has inbuilt onboard VPN module. > > > With regards > Kings > > On Tue, Apr 6, 2010 at 9:03 PM, Brandon Carroll > <[email protected]>wrote: > >> Tyson is correct. I was thinking of Stateful Failover minus the IPSec >> part. >> >> ipc zone default >> association 1 >> no shutdown >> protocol sctp >> local-port 55001 >> local-ip 9.9.156.6 >> remote-port 50001 >> remote-ip 9.9.156.11 >> >> >> >> http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_fwall_state_fov.html#wp1167791 >> >> I did in fact forget about the requirements: >> >> The Cisco Integrated Services Routers (ISRs) and the VPN modules that >> support stateful failover for IPsec are as follows: >> >> –The AIM-VPN/BPII-PLUS and AIM-VPN/SSL-1 hardware encryption modules are >> supported in a Cisco 1841 router. >> >> –The AIM-VPN/EPII-Plus and AIM-VPN/SSL-2 hardware encryption modules are >> supported in Cisco 2801, 2811, 2821 and 2851 routers. >> >> –The AIM-VPN/EPII+ and AIM-VPN/SSL-3 hardware encryption modules are >> supported in a Cisco 3825 router. >> >> –The AIM-VPN/HPII+ and AIM-VPN/SSL3 hardware encryption modules are >> supported in a Cisco 3845 router. >> >> –The VPN Acceleration Module (VAM) and VAM2 hardware encryption modules >> are supported in a Cisco 7200 series router. >> >> Found here: >> http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_failover_ipsec_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1043332 >> >> >> >> Regards, >> >> Brandon Carroll - CCIE #23837 >> Senior Technical Instructor - IPexpert >> Mailto: [email protected] >> Telephone: +1.810.326.1444 >> Live Assistance, Please visit: www.ipexpert.com/chat >> eFax: +1.810.454.0130 >> >> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >> training locations throughout the United States, Europe, South Asia and >> Australia. Be sure to visit our online communities at >> www.ipexpert.com/communities and our public website at www.ipexpert.com >> >> >> >> On Apr 6, 2010, at 8:23 AM, Tyson Scott wrote: >> >> You must have an AIM-VPN module installed to do testing with SSO. >> >> Regards, >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> Technical Instructor - IPexpert, Inc. >> Mailto: [email protected] >> Telephone: +1.810.326.1444, ext. 208 >> Live Assistance, Please visit: www.ipexpert.com/chat >> eFax: +1.810.454.0130 >> >> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >> training locations throughout the United States, Europe, South Asia and >> Australia. Be sure to visit our online communities at >> www.ipexpert.com/communities and our public website atwww.ipexpert.com >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Kingsley >> Charles >> *Sent:* Tuesday, April 06, 2010 7:17 AM >> *To:* [email protected] >> *Subject:* [OSL | CCIE_Security] IPSec with SSO >> >> Hi all >> >> I am trying to configure IPSec with SSO. >> >> >> router1#show redundancy states >> my state = 13 -ACTIVE >> peer state = 1 -DISABLED >> Mode = Simplex >> Unit ID = 0 >> >> >> Can someone please let me know the reasons, why the peer state is >> disabled. >> >> >> >> With regards >> Kings >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >> >
<<blank.gif>>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
