Hi all,
I was trying to implement a VPN between my Cisco 1605 and FW-1 (fail-over
configuration). I've seen some issues and maybe someone can shed some light.
First, I use a DES+MD5 VPN and it works only with one of the FW-1s. Each FW-1
has its own IP and they also share a VRRP IP address. All the attempts to
establish a VPN between my Cisco and this "shared" address have failed, because
only one of them is currently answering my Cisco. So when the Cisco sees that
the reply it gets has a different IP address from the peer it has to talk to,
it simply doesn't establish the ISAKMP channel.
I'll try to explain it:
FW-1.1 - IP address 10.0.0.1
FW-1.2 - IP address 10.0.0.2
VRRP IP address of both of them - 10.0.0.3
Cisco 1605 - 192.168.0.1
So what happens:
Cisco's peer is 10.0.0.3 -> and I get a reply from the current master FW-1
(for example 10.0.0.1) - so, as it follows, it doesn't work.
Cisco's peer is 10.0.0.1 -> the channel is established and everything goes
fine, but I lose the fail-over thing here.
Any clues what should be changed in this configuration?
Thanks.
Daniel
Mester.