Kings, Can you show me your configurations from both sides? Is this lab 2 that you are working on or just something on your own?
Regards, Brandon Carroll - CCIE #23837 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com On Apr 6, 2010, at 10:50 AM, Kingsley Charles wrote: > Hi Tyson/Brandon > > I have AIM-VPN/EPII-Plus enabled on both the routers. > > I went through the stateful IPSec of IPexpert lab. The configuration that I > am using now is same as the example given in the following link. > > The only difference is that I have enabled HSRP on only one interface. The > local ip/remote ip are off the interface which has HSRP and cryptp map. > > http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_failover_ipsec_ps6441_TSD_Products_Configuration_Guide_Chapter.html > > > With regards > Kings > > On Tue, Apr 6, 2010 at 10:27 PM, Kingsley Charles > <[email protected]> wrote: > All the ISRs has inbuilt onboard VPN module. > > > With regards > Kings > > On Tue, Apr 6, 2010 at 9:03 PM, Brandon Carroll <[email protected]> wrote: > Tyson is correct. I was thinking of Stateful Failover minus the IPSec part. > > ipc zone default > association 1 > no shutdown > protocol sctp > local-port 55001 > local-ip 9.9.156.6 > remote-port 50001 > remote-ip 9.9.156.11 > > > http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_fwall_state_fov.html#wp1167791 > > I did in fact forget about the requirements: > > The Cisco Integrated Services Routers (ISRs) and the VPN modules that support > stateful failover for IPsec are as follows: > > –<blank.gif>The AIM-VPN/BPII-PLUS and AIM-VPN/SSL-1 hardware encryption > modules are supported in a Cisco 1841 router. > > –<blank.gif>The AIM-VPN/EPII-Plus and AIM-VPN/SSL-2 hardware encryption > modules are supported in Cisco 2801, 2811, 2821 and 2851 routers. > > –<blank.gif>The AIM-VPN/EPII+ and AIM-VPN/SSL-3 hardware encryption modules > are supported in a Cisco 3825 router. > > –<blank.gif>The AIM-VPN/HPII+ and AIM-VPN/SSL3 hardware encryption modules > are supported in a Cisco 3845 router. > > –<blank.gif>The VPN Acceleration Module (VAM) and VAM2 hardware encryption > modules are supported in a Cisco 7200 series router. > > > Found here: > http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_failover_ipsec_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1043332 > > > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE > (R&S, Voice, Security & Service Provider) certification(s) with training > locations throughout the United States, Europe, South Asia and Australia. Be > sure to visit our online communities at www.ipexpert.com/communities and our > public website at www.ipexpert.com > > > > On Apr 6, 2010, at 8:23 AM, Tyson Scott wrote: > >> You must have an AIM-VPN module installed to do testing with SSO. >> >> Regards, >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> Technical Instructor - IPexpert, Inc. >> Mailto: [email protected] >> Telephone: +1.810.326.1444, ext. 208 >> Live Assistance, Please visit: www.ipexpert.com/chat >> eFax: +1.810.454.0130 >> >> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >> training locations throughout the United States, Europe, South Asia and >> Australia. Be sure to visit our online communities at >> www.ipexpert.com/communities and our public website atwww.ipexpert.com >> >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Kingsley >> Charles >> Sent: Tuesday, April 06, 2010 7:17 AM >> To: [email protected] >> Subject: [OSL | CCIE_Security] IPSec with SSO >> >> Hi all >> >> I am trying to configure IPSec with SSO. >> >> >> router1#show redundancy states >> my state = 13 -ACTIVE >> peer state = 1 -DISABLED >> Mode = Simplex >> Unit ID = 0 >> >> >> Can someone please let me know the reasons, why the peer state is disabled. >> >> >> >> With regards >> Kings >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com > > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
