Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1007
Views
0
Helpful
5
Replies

Virtual routers

rvr_76bg
Level 1
Level 1

‎12-17-2012 01:59 AM - edited ‎03-03-2019 06:53 AM

Hello guys,

I am not even sure this will work but let me give it a try. I have a client that wants me to bring up 2 VPN tunnels from my company to 2 Data Centers of the client – meaning 2 parallel Tunnel between us and the client. So over both Tunnels the client will access same resources on my side and they want failover option, when 1 tunnel is down to re-route over the 2nd automatically. Automatically means I have to use a routing protocol to detect what path is available at the moment. That is forcing me to run routing between my sites as well ( WAN routing I already have of course) over the tunnels. So I will have something like 4 points in a square that will route between them. This is not really complicated. The complicated part is coming with the fact the client wants me to cover  ISP failures which is fine since I am already multihomed and device failure meaning I have to have 2 devices per site (whatever I pick – ASAs or Routers). Do we have a technology that will make 2 routers to work like one? Something like Active/Standby in ASA? Because I have to have them covering the same tunnel ( sourse and destination for the VPN tunnels have to be virtually covered like Active/Standby in ASAs) so no one of the Standby protocols available in routers are applicable here. Let me know if you want me to attach a basic diagram…

Thanks in advance!

rvr

Labels:
0 Helpful
5 Replies 5

danabersoch
Level 1
Level 1

‎12-17-2012 11:45 AM

You will probably get away with using VTI's or GRE based IPsec tunnels and then running a routing protocol over it, if one of the ipsec tunnels is down then there won't be any routes over that tunnel, leaving the route down the 'other tunnel'.

Try looking through the document below:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni

‎12-18-2012 07:29 AM

I would select a router as there is lot more flexibility in what you can do. Take a look at DMVPN and reverse-route injection (RRI). One of those should work for you as well as VTI.

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni

‎12-18-2012 08:10 PM

This can be done using DMVPN with dual hub design and from client end they need one tunnel
This need a cisco router nit asa
Have a look at this document I posted previously on CSC it's good place to start with
https://supportforums.cisco.com/docs/DOC-8356

Hope this help

Sent from Cisco Technical Support iPhone App

0 Helpful

rvr_76bg
Level 1
Level 1

‎12-19-2012 04:33 AM

Guys, thanks very much, all this is very very helpful.

Cheers,

rvr

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to rvr_76bg

‎12-19-2012 09:16 PM

happy to help and please rate the helpful posts

0 Helpful
Customers Also Viewed These Support Documents