11-11-2014 10:39 AM - edited 03-05-2019 12:08 AM
Hi all,
I am working on a design and configuration for a company network where all of the locations have or are going to have dual ISPs for redundancy. I have everything configured the way I want it and working except for the VPNs. All of the branches come back to the main location for their servers and run through single VPN tunnels. But when the second ISP is added to each location, what is the best way to make the VPNs redundant as well? I have tried to use second peer addresses in crypto maps, but it intermittently has issues. A user on here recommended DMVPN, which I have set up in a test with single ISPs, and I love it; it works great. But how would I make this DMVPN cloud redundant? Do I have to just create a second cloud and always have the circuits at all locations fail over to the second DMVPN cloud even if technically not all locations' primary circuits have dropped, or is there a way to make the GRE tunnels redundant through both ISP circuits back to the hub? Any information or thoughts would be greatly appreciated.
Thanks everyone,
Brandon
11-11-2014 12:02 PM
Hi
When you say VPN, I am guessing that it's an Internet L2L VPN. If so, then have a look at this:
https://supportforums.cisco.com/blog/150001/ipsec-vpn-redundancy-failover-over-redundant-isp-links
HTH
Please rate it
11-11-2014 12:17 PM
Thank you very much for your reply, zulqurnain. This solution worked well when the branch locations had only one ISP, but they are also going to be redundant. That is where the intermittent issues arose. That is why someone suggested the DMVPN idea.
11-15-2014 12:02 PM
Hi M
Yes, DMVPN is the best answer.
Regards Conwyn