Cisco Cisco IOS Software Releases 12.2 MC Libro bianco
IPSec Stateful Failover (VPN High Availability)
Configuration Examples
22
Cisco IOS Release 12.2(11)YX, 12.2(11)YX1, 12.2(14)SU, 12.2(14)SU1, and 12.2(14)SU2
Applying Crypto Map Sets to Interfaces Example
The following example shows the application of a crypto map:
interface FastEthernet0/1
crypto map SDM_CMAP_1 ssp 1
Configuration Examples
The following examples show sample output for IPSec HA configurations:
Example 1
hostname 7200-1
!
ssp group 1
remote 172.16.31.6
redundancy ISP
redundancy LAN
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 192.168.3.1
crypto isakmp ssp 1
!
!
!
crypto ipsec transform-set TRANSFORMSET_1 esp-3des esp-sha-hmac
!
crypto map CMAP_1 1 ipsec-isakmp
description Tunnel to 192.168.3.1
set peer 192.168.3.1
set transform-set TRANSFORMSET_1
match address 100
!
interface FastEthernet0/0
description INSIDE_INTERFACE
ip address 172.16.31.100 255.255.255.0
standby delay minimum 30 reload 60
standby 1 ip 172.16.31.1
standby 1 timers msec 500 3
standby 1 preempt
standby 1 name LAN
standby 1 track FastEthernet0/1
!
interface FastEthernet0/1
description OUTSIDE_INTERFACE
Step 3
Router (config)# end
Exit interface configuration mode.
Step 4
Repeat these steps to apply crypto maps on each router.
Command
Purpose