I am trying to mix two Cisco technologies and I am not having much luck, but I am pretty confident what I am trying to do can be done. Here's the setup:
My company has two Cisco 2800 routers with IPSec and FW IOS, which are used for shared VPN services. They only have two FastEthernet interfaces, which are sub-interfaced for various customers (trunking). I am wanting to run HSRP on both the inside and outside - no problem. I also want to create DMVPN connections for some customers. That, in itself, is no problem...
The problem is mixing HSRP (and the IPSec redundancy features with replicating the SA database between two routers) with DMVPN and more specifically with the Tunnel interface(s) created with GRE Multicast.
Since my two VPN routers will have one HSRP address, which will end up being the public address used by customers as the VPN peer address, how is this one address referenced / related to the GRE tunnels that are created? You can't create standby IPs on Tunnel interfaces, however it seems to me you would need to be able to do that somehow.
One option I was thinking about is that, since one of my VPN routers will be a standby device (not active with HSRP address), then maybe I could give that router's tunnel interface the same IP address as that of the tunnel interface on the active router. In theory, this would not necessarily cause a duplicate-IP issue because that router isn't answering for packets destined for the standby ip anyway.
I don't want to get too deep - I probably haven't explained it very well, but I am setting this up and I am basically stuck. My tunnel interfaces are up, but line protocol is down with a message that the interface doesn't know the destination point of the tunnel subnet.