How to Configure IOS Site-Site With Stateless Failover

R1
interface f0/0
no shutdown
ip add 192.168.101.10 255.255.255.0
int s0/0
no shutdown
ip add 101.1.1.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 101.1.1.1
R2
interface fastEthernet 0/0
no shutdown
ip add 192.168.101.20 255.255.255.0
int s0/0
no shutdown
ip add 102.1.1.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 102.1.1.1
ISP
int s0/0
no shutdown
ip add 101.1.1.1 255.255.255.0
int s0/1
no shutdown
ip add 102.1.1.1 255.255.255.0
int s0/2
no shutdown
ip add 103.1.1.1 255.255.255.0
R3
interface fastEthernet 0/0
no shutdown
ip add 192.168.102.1 255.255.255.0
no shutdown
int s0/0
no shutdown
ip add 103.1.1.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 103.1.1.1
R3
R3# ping 101.1.1.100
#Type escape sequence to abort.
#Sending 5, 100-byte ICMP Echos to 101.1.1.100, timeout is 2 seconds:
#!!!!!
#Success rate is 100 percent (5/5), round-trip min/avg/max = 1/25/64 ms
R3# pin
R3#ping 102.1.1.100
#Type escape sequence to abort.
#Sending 5, 100-byte ICMP Echos to 102.1.1.100, timeout is 2 seconds:
#!!!!!
#Success rate is 100 percent (5/5), round-trip min/avg/max = 1/15/48 ms
R1
interface f0/0
standby 1 ip 192.168.101.1
standby 1 preempt
standby 1 priority 101
standby 1 track serial 0/0
R2
int f0/0
standby 1 ip 192.168.101.1
standby 1 preempt
R1
crypto isakmp policy 1
authentication pre-share
encryption aes
hash sha
group 5
lifetime 1800
exit
crypto isakmp key shiva add 103.1.1.100
crypto ipsec transform-set t-set esp-aes esp-sha-hmac
mode tunnel
exit
crypto ipsec security-association lifetime seconds 1800
access-list 101 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255
crypto map test 10 ipsec-isakmp
set transform-set t-set
set peer 103.1.1.100
match address 101
int s0/0
crypto map test
R2
crypto isakmp policy 1
authentication pre-share
encryption aes
hash sha
group 5
lifetime 1800
exit
crypto isakmp key shiva add 103.1.1.100
crypto ipsec transform-set t-set esp-aes esp-sha-hmac
mode tunnel
exit
crypto ipsec security-association lifetime seconds 1800
access-list 101 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255
crypto map test 10 ipsec-isakmp
set transform-set t-set
set peer 103.1.1.100
match address 101
int s0/0
crypto map test
R3
crypto isakmp policy 1
authentication pre-share
encryption aes
hash sha
group 5
lifetime 1800
exit
crypto isakmp key shiva add 101.1.1.100
crypto isakmp key shiva add 102.1.1.100
crypto isakmp keepalive 10 10
crypto ipsec transform-set t-set esp-aes esp-sha-hmac
mode tunnel
exit
crypto ipsec security-association lifetime seconds 1800
access-list 102 permit ip 192.168.102.0 0.0.0.255 192.168.101.0 0.0.0.255
crypto map test 10 ipsec-isakmp
set transform-set t-set
set peer 101.1.1.100 default
set peer 102.1.1.100
match address 102
int s0/0
crypto map test
exit
R3
R3# ping 192.168.101.1 source fastEthernet 0/0 repeat 999999999
#Type escape sequence to abort.
#Sending 999999999, 100-byte ICMP Echos to 192.168.101.1, timeout is 2 seconds:
#Packet sent with a source address of 192.168.102.1
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R1# sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
101.1.1.100 103.1.1.100 QM_IDLE 1001 0 ACTIVE
IPv6 Crypto ISAKMP SA
R1# sh crypto ipsec sa
interface: Serial0/0
Crypto map tag: test, local addr 101.1.1.100
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.102.0/255.255.255.0/0/0)
current_peer 103.1.1.100 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 455, #pkts encrypt: 455, #pkts digest: 455
#pkts decaps: 455, #pkts decrypt: 455, #pkts verify: 455
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 101.1.1.100, remote crypto endpt.: 103.1.1.100
path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0
current outbound spi: 0x22BFB79F(582989727)
inbound esp sas:
spi: 0xE8BC3E68(3904650856)
transform: esp-aes esp-sha-hmac
R1
R1(config)# interface s0/0
R1(config-if)# sh
R1(config-if)# shutdown
R2
*Mar 1 00:10:32.911: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
R2# sh crypto isakmp
*Mar 1 00:10:58.791: %SYS-5-CONFIG_I: Configured from console by console
R2# sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
103.1.1.100 102.1.1.100 QM_IDLE 1001 0 ACTIVE
IPv6 Crypto ISAKMP SA
R2#sh crypto ipsec sa
interface: Serial0/0
Crypto map tag: test, local addr 102.1.1.100
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.101.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.102.0/255.255.255.0/0/0)
current_peer 103.1.1.100 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 328, #pkts encrypt: 328, #pkts digest: 328
#pkts decaps: 328, #pkts decrypt: 328, #pkts verify: 328
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 102.1.1.100, remote crypto endpt.: 103.1.1.100
path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0
current outbound spi: 0xB97B132C(3111850796)
inbound esp sas:
spi: 0x44BEA89A(1153345690)
transform: esp-aes esp-sha-hmac
R3
R3# ping 192.168.101.1 source fastEthernet 0/0 repeat 999999999
#Type escape sequence to abort.
#Sending 999999999, 100-byte ICMP Echos to 192.168.101.1, timeout is 2 seconds:
#Packet sent with a source address of 192.168.102.1
#.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Nice Explanations and really helpful.