08-02-2012 01:32 PM - edited 03-04-2019 05:09 PM
We have AT&T Managed MPLS service are our datacenter and our branch office locations. AT&T has provided the routers and simply give us an ethernet connection. We also have ethernet connectivity to the internet through our datacenter...with our network being protected by an ASA 5520.
Each branch location has a 29xx series router (voice gateway) and switching gear attached to their AT&T MPLS router. Some of our branches also have 3rd party cable internet service with an ASA 5505 to protect it from the internet.
What I'd like to do is better utilize this cable modem/ASA5505 setup. Right now, if there were an outage, I would be connecting manually to the remote location to change static routes to point to the cable link and to configure a VPN tunnel between the remote and our DC.
From some of the research I've been doing, it looks like using GRE and some routing protocol would be a possible solution....i'm just not sure of the best way to implement in this scenario.
Would anyone be able to confirm that this would be a good option for me or maybe offer another solution?
Many thanks!
Solved! Go to Solution.
08-04-2012 11:45 PM
My network is very similar to yours. Talk to AT&T about a service of theirs call ANIRA. It will allow you to use an Internet connection to provide a backup connection at each site. At&t will provide you a router that has a vpn connection to at&t that will punch your traffic back into your mpls network. i use vrrp and then monitor a ip sla to trigger the backup connection.
Sent from Cisco Technical Support iPad App
08-04-2012 07:37 AM
Using MGRE between the branches and the hub data center site a good way to have a backup over the Internet with less amount of tunnels and scalable solution but you need to use routers for tunnels termination as firewall dose not support it
Also make sure you secure the tunnel with IPSec
This way you can run a routing protocol of the mgre runnels and tune routing to make sure the path over the tunnel to be used as a failover link/path only
Hope this help
Sent from Cisco Technical Support iPhone App
08-04-2012 11:45 PM
My network is very similar to yours. Talk to AT&T about a service of theirs call ANIRA. It will allow you to use an Internet connection to provide a backup connection at each site. At&t will provide you a router that has a vpn connection to at&t that will punch your traffic back into your mpls network. i use vrrp and then monitor a ip sla to trigger the backup connection.
Sent from Cisco Technical Support iPad App
06-17-2016 07:21 AM
mrussell2012 - I know this is pretty old, but we are looking at doing the same. How are you controlling the metric going
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide