Cisco CCNP ISCW Exam Tutorial
Virtual Private Networks And HSRP Stateless Failover
By Chris Bryant, CCIE #12933
In today's CCNP certification tutorial, we'll take a look at how the Hot Standby Router Protocol (HSRP) can serve as a backup for our Virtual Private Network (VPN) configuration.
For this example, we'll assume a two-router HSRP configuration. R3 has been selected as the Active router, with R2 serving as the Standby. The HSRP configuration is using the IP address 172.12.23.10 for the virtual router.

The HSRP group IP address is the one that will actually be configured on the remote peer. The VPN will be built to one of the routers in the HSRP group - in this case, R3, since R3 is the primary.

If the HSRP group's primary router goes down, that VPN does come down - but another will be quickly built to the new primary. In this case, that has to be R2, since that's the only other router in the group!

When the original primary comes back online, that router will again become the primary due to the preempt option we configured. As a result, the VPN to R2 will be torn down, since R2 is now the backup router, and the VPN will again be built to R3.

This method is stateless HSRP failover, and the issue with stateless HSRP redundancy is that there is a period of time where no VPN exists - the first tunnel goes down, and a new one has to be built. Using stateful HSRP redundancy eliminates that lack of VPN connectivity.
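
Here is a sketch of what the stateless setup described above can look like in IOS, added as an illustration and not taken from the original lab. Only R3's Active role, the preempt option and the virtual address 172.12.23.10 come from the text. Assumed for the example: the interface names, the physical addresses 172.12.23.3 and 172.12.23.2, the remote peer address 192.0.2.1, the protected subnets, the key, all object names, and a matching ISAKMP policy already in place on all three routers.

```cisco
! ===== R3 (HSRP Active) =====
! R2 (Standby) is the same except: ip address 172.12.23.2 (assumed)
! and no "standby 1 priority" line, leaving it at the default of 100.
crypto isakmp key EXAMPLE-PSK address 192.0.2.1
! Dead peer detection: probe every 10 s, retry every 3 s
crypto isakmp keepalive 10 3
!
crypto ipsec transform-set VPN-TS esp-aes esp-sha-hmac
!
ip access-list extended VPN-TRAFFIC
 permit ip 10.23.0.0 0.0.255.255 10.1.0.0 0.0.255.255
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set VPN-TS
 match address VPN-TRAFFIC
!
interface FastEthernet0/0
 ip address 172.12.23.3 255.255.255.0
 standby 1 ip 172.12.23.10
 standby 1 priority 110
 standby 1 preempt
 standby 1 name VPN-HA
 ! Tie the crypto map to the HSRP group by name, so the tunnel
 ! terminates on 172.12.23.10 rather than on the physical address
 crypto map VPNMAP redundancy VPN-HA
!
! ===== Remote peer =====
! The key and the peer statement both point at the HSRP virtual address
crypto isakmp key EXAMPLE-PSK address 172.12.23.10
crypto isakmp keepalive 10 3
!
crypto ipsec transform-set VPN-TS esp-aes esp-sha-hmac
!
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.23.0.0 0.0.255.255
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 172.12.23.10
 set transform-set VPN-TS
 match address VPN-TRAFFIC
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map VPNMAP
```

R2 and R3 must carry the same key, transform set and access list, because the remote peer negotiates with whichever router currently owns 172.12.23.10. The keepalive lines matter for the outage window: until the remote peer notices that the old security associations are dead, it keeps sending into a tunnel that no longer exists.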
We'll take a look at the pros and cons of stateful HSRP redundancy in a future installment of my CCNP ISCW exam tutorial series -- and in the meantime, download your copy of my ISCW Study Package or The Ultimate CCNP Study Package Bundle, which covers all four CCNP exams, and be totally prepared for CCNP exam success!
To your success,
Chris Bryant
CCIE #12933
chris@thebryantadvantage.com