cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4644
Views
0
Helpful
47
Replies

Easy VPN GRE

jack samuel
Level 1
Level 1

Hi folks,

My routers at two  different sites are connected through GRE tunnels. I want to configure  IPSec over it, but throug easy vpn server and client setup. Is it  possible???? Apparently the most reasonable configuration for the mentioned  scenario is site-to-site vpn, but I want to configure it through easy  vpn. I would also appreciate if some one can refer to any configuration  example of such kind of setup.The GRE tunnel is up and pings are successful but the traffic which passess through is not encryted.

Thanks

47 Replies 47

Dear Rizwan,

I tried by interface line protocol tracking and i got the succcess.I willl apply live i will updat ethe rating for you for all ur replies.

I have below queries for my further information please answer:

question:I have uploaded the latest IOS on the router c870-advipservicesk9-mz.124-24.T7.bin but still the situation is same for IP SLA ,

i tried by uploading 3 different IOS one by one but still the situation is same .It cant be as such that all IOS are having BUG,

Answer: I think there is some different way to configure the ip sla on 800 sereis routers??? please reply ur answer.

Question: ON MY BRANCH ROUTER i have these below routes, when i remove the cable from the ADSL interface, the default route to dialer 0 interface is been deleted and the async route  comes in the routing table for a seconds approx 10 to 20 sec and  the dialer 0 route comes back again in the routing table though i have not connected a ADSL interface back again. Is it normal???? when dialer 0 comes back again in the routing table all traffic is dropped.

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 0.0.0.0 0.0.0.0 Async1 89

Answer: what actually dialer watch does it removes the route from the routing table ???? if the dialer 0 interface remains up after removing the cable then how the default route will be deleted from the routing table, as i have seen in my scenario when i remove the cable from atm interface the dialer 0 line protocol remain up and i think that is the reason the default route is not been deleted  by the routing table..-----pls reply with ur answer

ON HO,

After the route failover to async interface it doesnt fails back again to BVI. And connectivity from branch routers is lost. But branch comes online with ADSL still the HO remains with aysnc interface.

Answer: ??????

Thanks

Hi Jack,

"question :I have uploaded the latest IOS on the router c870-advipservicesk9-mz.124-24.T7.bin but still the situation is same for IP SLA ,"

Your IP-SLA config looks fine, there another option you may want to try, is by with different model cisco router.

"I think there is some different way to configure the ip sla on 800 sereis routers???" there is nothing much to it, as far as tracking object is concern.  It is tracking and IP-SLA definetion.

.

"i have not connected a ADSL interface back again. Is it normal????"

static-routes do not failover on their own, without incorporating with IP-SLA with it, otherwsie there would be no need for IP-SLA at first place.

--------------------------------

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 0.0.0.0 0.0.0.0 Async1 89

these routers do not failover and failback on their own, without IP-SLA and tracking.

__________________

"what actually dialer watch does it removes the route from the routing table ????"

Yes, it watches given defined routes and it may well suit your setup need, because I reliazed you cannot use dyamic-protocol due to the reason, the routing-protocol keeps the Async interface up (hello packets).  Like I showed you above example, if you do have to use a routing-protocol for primary ADSL connection but yet you must deny routing-protocol's hello packets going via the Async interface, in order to Async interface to go down, when ADSL connection comes back online.

exampel: "dialer watch-list 100 ip 0.0.0.0 0.0.0.0"

"After the route failover to async interface it doesnt fails back again to BVI."

Just like I said above, the routes won't failover without IP-SLA configured.

"when i remove the cable from atm interface the dialer 0 line protocol remain up and i think that is the reason the default route is not been deleted  by the routing table"

Default idle-timeout is 300 seconds on ATM interface and "inarp" is 10 min by default you may check with your ISP.

http://www.cisco.com/en/US/docs/ios/12_2/wan/command/reference/wrfatmtx.html#wp1018694

Hope that answers your question.

thanks

Rizwan,

I will update the rating for all ur previous replies just waiting to go live without any issues so that i dont want to open a new question;

Hence i have not confgured the dialer watch i m doing by our previous discussion of EIGRP and instead of ip sla i m tracking line protocol.

After the route failover to async interface it doesnt fails back again to BVI."

Just like I said above, the routes won't failover without IP-SLA configured.

I am speaking when i have configured the tracking and IP SLA

Default idle-timeout is 300 seconds on ATM interface and "inarp" is 10 min by default you may check with your ISP.

NO it is not 5 min .!!!!!!! when i remove the cable from atm interface it goes down after 3 sec, but still the default route remains in the routing table though i have configured dialer watch on the router.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: