View Full Version : VPN with VRRP SUPPORT

2006-07-17, 01:15
Hi Team,

i would like to confirm if it is normal behaviour for VPN with VRRP support.(HA)

i have two IP380 running IPSO3.8 with NG R55, physical ip for fw1 is and physical ip for fw2 is, VRRP ip is, when isakmp is negotiating, VRRP ip address is using for both inbound and outbound connection, however when ipsec is negotiating, VRRP is using for inbound connection but physical ip of active box is using for outbound connection. Here are tcpdump on external interface:

17:51:23.959990 I > [|isakmp]

17:51:23.966668 O > [|isakmp]

17:51:24.281775 O > ESP(spi=8a8e5160,seq=0x1)

17:51:26.755997 I > ESP(spi=8d6ca8fe,seq=0x1)

17:51:26.765775 O > ESP(spi=8a8e5160,seq=0x2)

any information or comments will be appreciated.

Best regards,


2006-07-17, 08:45
you should be seeing the traffic coming from your VRRP address.
do you have the VRRP address defined as the IP of the cluster object?

2006-07-17, 09:10
of course, VRRP ip address is used as ip of cluster object.

It is really weird.



2006-07-19, 11:49
Hi All,

Do you know if there is any way to force the Nokia IP380 to use VRRP ip for VPN outbound connections?

My system:

-two ip380 running IPSO3.8
-NG with application intellegence, R55.

VRRP was configured on both, but active box ip was used for VPN outbound connections and being dropped by VPN peers.

Any help will be appreciated.

Best regards,