12-02-2016 02:46 AM - edited 03-05-2019 07:35 AM
Hi,
I am having a GRE VPN Tunnel to US. At India, we have 2 Internet Circuits and hence are running 2 tunnels to the same US end point. I am able to achieve the HA for GRE VPN tunnel connectivity using the EIGRP DELAY metric. But since I am having a default route for the local Internet on the LAN Switch, there is difficulty in achieving the redundancy for local Internet connectivity. Please suggest how to achieve this redundancy for local Internet Connectivity when one of the Internet Circuits fails.
Attaching the rough network topology. Please suggest.
12-02-2016 04:09 AM
Run HSRP between routers and use default-gateway on LAN switch rather than default route.
So the primary router will have a default route pointing to internet and then a secondary default route pointing to the second HSRP router's local IP with a high metric, and then on the secondary HSRP router you will also have a default route pointing to the ISP on that router but with a metric higher than both primary HSRP router default routes.
12-02-2016 04:13 AM
By metric above I meant Administrative distance, and then you have to track it with IP SLA as well.
Please rate helpful posts
12-04-2016 07:05 AM
Thank you Junaid and tsheltonuk.
I have already achieved the failover for the GRE Tunnel using the EIGRP delay metric. Hope HSRP works here as well, for achieving the failover for local Internet.
I am sharing the configuration for the LAN Switch, VPN Router 1 and VPN Router 2. Could you please help with the HSRP configuration to achieve the Internet failover, without disturbing the existing GRE Tunnel failover config?
12-04-2016 10:48 PM
Also, I noticed that the secondary Router has only 2 physical interfaces, which are already used. Can we use the loopback interface to track the neighbor for HSRP?
12-05-2016 02:53 AM
12-05-2016 03:56 AM
That's right, you will also have to use IP SLA on the routers for tracking so that if the primary route goes down then the traffic should be shifted to the secondary link.
12-05-2016 03:07 AM
You will need to configure the LAN Interface as a trunk and then configure sub interfaces on the VPN router and track HSRP on that, so the GI 0/0 LAN interface will be a trunk on the switch side and on the router side it will be no routing port.
VPN Router1:
interface GigabitEthernet0/0
 no ip address
 negotiation auto
interface GigabitEthernet0/0.5
 encapsulation dot1Q 5
 ip address 172.20.4.5 255.255.254.0
 ip helper-address (DHCP Server)
 ip nat inside
 standby 5 ip 172.20.4.1
 standby 5 priority 110
 standby 5 preempt delay minimum 60
ip route 0.0.0.0 0.0.0.0 172.20.4.2 10
Pretty much the same config for VPN Router 2 except for the IP address change on the sub interface, and the HSRP priority will be low, 90.
LAN Switch
interface (whatever number)
 description Trunk to VPN Router Gi0/0
 switchport mode trunk
ip default-gateway 172.20.4.1
I noticed that you are running EIGRP on the LAN switch, is that an L3 LAN? The above config is for an L2 LAN. If the connection between the routers and the LAN is via L3 and you want to keep it that way, then you will have to change metrics on the routers so that VPN router1 is more preferable and VPN router2 is less.
Please rate helpful posts. Thanks
12-02-2016 06:00 AM
Hi Sreeraj,
I agree to a point with Junaid's comments about using HSRP. However, one thing to add is that when you are tracking an IP route tied to an SLA, you will need to add the route you are tracking as a static route on the primary router, otherwise the IP SLA will never fail and therefore HSRP will not fail over.
HTH
Regards
Tom
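The tracking arrangement discussed in this thread (IP SLA probe, static route for the probed address, tracked default route, floating default, HSRP tracking), sketched for VPN Router 1 as an added example that is not from any poster's configuration. The WAN interface name, the ISP next hop 203.0.113.1 and the probe target 198.51.100.10 are constructed placeholders; the HSRP group, subinterface and floating route are the ones posted above.

```cisco
! VPN Router 1 (primary) - added example, not a poster's config.
! Constructed placeholders: GigabitEthernet0/1 = WAN interface,
! 203.0.113.1 = ISP next hop, 198.51.100.10 = probe target.
!
! ICMP probe sent out of the primary Internet circuit
ip sla 1
 icmp-echo 198.51.100.10 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object follows probe reachability; delays damp flapping
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Static host route for the probed address via the primary ISP, so the
! probe is never carried over the backup path
ip route 198.51.100.10 255.255.255.255 203.0.113.1
!
! Primary default route, removed from the table while track 1 is down
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
!
! Floating default from the thread (AD 10), used once the route above is gone
ip route 0.0.0.0 0.0.0.0 172.20.4.2 10
!
! Drop HSRP priority from 110 to 80 when the probe fails, below the
! priority 90 suggested for VPN Router 2 (which needs "standby 5 preempt")
interface GigabitEthernet0/0.5
 standby 5 track 1 decrement 30
```

State can be checked with `show track 1`, `show ip sla statistics 1` and `show standby brief`.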