Technical information
88
IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuration Examples
switchport mode trunk
cdp enable
!
interface Vlan2
ip address 192.168.1.1 255.255.255.0
no mop enabled
crypto map cm1
!
interface Vlan502
no ip address
crypto connect vlan 2
!
interface Tunnel1
ip address 10.1.1.1 255.255.255.0
tunnel source vlan2
tunnel destination 192.168.1.254
!
ip route 5.0.0.0 255.255.255.0 Tunnel1
!
ip access-list extended acl1
permit gre host 192.168.1.1 host 192.168.1.254
!
HSRP
For complete configuration information for HSRP, refer to this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1833/products_feature_guide09186a0080086f3f.html
The reverse route injection (RRI) feature is used to allow dynamic routing information updates during
the HSRP and IPSec failover. For complete configuration information on RRI support, refer to this URL:
http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_tech_note09186a00800942f7.shtml
HSRP has been coupled with IPSec to track state changes and provide a stateless IPSec failover
mechanism. These sections provide HSRP configuration examples:
• Active Catalyst Switch Configuration, page 88
• Standby Catalyst Switch Configuration, page 90
• Remote Catalyst Switch Configuration, page 92
Note For guidelines on how to configure an IPSec stateful failover, see the “Using IPSec Stateful Failover and
the VPN Module” section on page 36.
Active Catalyst Switch Configuration
The active Catalyst switch configuration is as follows:
Active# show run
Building configuration...
Current configuration : 2235 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Active