The document you mentioned should be under the "Security and VPN Technology" Section (not any particular IOS version):
Select Your Product or Technology ( http://www.cisco.com/cisco/web/psa/default.html?mode=prod) > Technology > Security and VPN > IPSec Negotiation/IKE Protocols > Design Technotes but I can't see it there either :-) So maybe I'm on drugs too :-D Anyway, if you're looking for a documentation about IPSec High Availability, try this one: Cisco IOS Software Releases 12.4 T > Configuration Guides > VPN > Secure Connectivity Configuration Guide Library, Cisco IOS Release 12.4T > VPN Availability Configuration Guide, Cisco IOS Release 12.4T The moment where you might be willing to reboot the router is probably during SSO configuration: http://www.cisco.com/en/US/partner/docs/ios-xml/ios/sec_conn_vpnav/configuration/12-4t/sec-state-fail-ipsec.html#GUID-3AB37A97-7F03-437E-BD89-E67C5CCF6C89 Sometimes routers don't see each other properly after configuring ipc zone. Here you've got a great article about IPSec HA: http://packetlife.net/blog/2009/aug/17/fun-ipsec-stateful-failover/ Marta Sokolowska. 2012/7/18 Eugene Pefti <eug...@koiossystems.com> Ok, I don’t mind being on drugs made by Cisco for the time being only ;)** > ** > > Apparently the guide I referred to was the easiest to find with good > examples and theoretically should be available on Cisco docs.**** > > ** ** > > Now a bit of sharing for this technology.**** > > I don’t know if 1841 router is a good platform to test IPSec stateless > failover as all guides reference hi-end routers.**** > > Anyways it seemed to work on mine 1841. And I remember Kings once > mentioned here that a reboot is required at some point.**** > > I didn’t care to ask at what point, what router should be rebooted, HSRP > primary or standby. **** > > When I started adding a crypto map to the interface of the HSRP primary > router with a redundancy option it kept telling me the following:**** > > ** ** > > *%IP redundancy is not configured on this interface* > > ** ** > > I didn’t have any problem adding this crypto map to the standby router > though.**** > > Then I rebooted the primary router and was able to add the crypto map with > the redundancy option. Don’t know if it is a requirement or a software > defect.**** > > Just wanted to bring it up again and share.**** > > ** ** > > *From:* Matt Hill [mailto:mayd...@gmail.com] > *Sent:* Tuesday, July 17, 2012 3:42 PM > *To:* Eugene Pefti > *Cc:* ccie_security@onlinestudylist.com > *Subject:* Re: [OSL | CCIE_Security] Lost in Cisco docs**** > > ** ** > > Firstly, youre on drugs. **** > > ** ** > > Second, I've found some things under some software versions but completely > missing from the same sections in others. If I need something and it's not > there I'll look under a different version and generally I can find it. *** > * > > ** ** > > Cheers. > > On Wednesday, July 18, 2012, Eugene Pefti wrote:**** > > Folks, **** > > I’m either on drugs or Cisco made it on purpose.**** > > There’s this guide on IPSec with HSRP**** > > **** > > > http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800942f7.shtml > **** > > **** > > As you see it is in Design Technotes section.**** > > If I try to navigate to “Design TechNotes” from the Support home page I > end up seeing this list of available guides:**** > > **** > > > http://www.cisco.com/en/US/partner/tech/tk583/tk372/tech_tech_notes_list.html > **** > > **** > > Where’s the mentioned HA IPSec guide ? ;)**** > > **** > > Eugene**** > > **** > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
