Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2785
Views
0
Helpful
3
Replies

2 GRE Tunnel in same router with 2 ISP

NAGISWAREN2
Level 1
Level 1

‎12-20-2011 11:39 PM - edited ‎03-04-2019 02:42 PM

Hi all,

I would like to do VPN Load Balancing / Polciy Route VPN in cisco router from Branch to HQ. But using IPSec VPN only, we cant accomplish VPN Load Balancing / Multiple tunnel to same destination in simgle router. So I planned to use VTI(Virtual Tunnel interface) or GRE over IPSec.

Here is the setup

HQ :

LAN --- Cisco Router ---- Load Balancer  --- Multiple ISP link

Explanation : HQ having cisco router, and a Load Balancer which Multiple ISP link connected to it.

Branch:

LAN --- Cisco router -- ISP 1 & ISP 2

Explanation : Branch have cisco router and Both ISP 1 & 2 connected to same router (NO LoadBalancer)

Config template

---------------------------------------------------------------------------------

Branch Tunnel source  ----> Branch Tunnel destination

Branch ISP 1              -----> HQ ISP 1

Branch ISP 2              ----> HQ ISP 2

Branch have two Tunnel interface, each using one ISP link to establish tunnel to HQ ISP as above mentioned. But in here, the problem is, HQ router not directly connected to internet link as branch. So those tunnel destination IP in branch router configured is belongs to Load Balancer (not HQ router WAN IP). If let say i forward those IP from Load Balancer to HQ router (GRE), will the tunnel get established?  Is it must the internet link connected to router and the IP is belongs to the router itself?

Regards, Nagis
Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎12-21-2011 02:46 AM

If you want the tunnel to terminate on the HQ router then the tunnel destination must be an address of the HQ router.

HTH

Rick

HTH

Rick
0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni

‎12-21-2011 03:42 AM

Load balancer between gre tunnels and IPSec is a problem and will cause issues and complexity to you

Sent from Cisco Technical Support iPhone App

0 Helpful

NAGISWAREN2
Level 1
Level 1
In response to Marwan ALshawi

‎12-21-2011 05:53 PM

HI all,

I want to policy route between two GRE Tunnel , not between GRE and IPSec ... Meaning to say 2 GRE Tunnel from Branch to HQ. Since I have multiple Branch with Dynamic IP, i planned to use DMVPN. Branch will have 2 two tunnel , each pointing destination IP to different HQ WAN link IP. But in HQ router , it would need to specify source IP , where its must match the destination IP which confgured in branch router.  The problem is, those source IP in HQ is not belongs to router. Its at HQ Load Balancer. Can I jus port forward (GRE) from LB to router ? is this would work? when I configured source IP which not belongs to HQ router, the router didnt give any error msg saying it must belongs to router IP.

Regards, Nagis
0 Helpful
Customers Also Viewed These Support Documents