cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2022
Views
0
Helpful
6
Replies

DMVPN over dual ISP connection

muhammad_zahid
Level 1
Level 1

Hi All,

We have remote site connected via two ISP (4G and ethernet) connection and is using DMVPN to connect to HQ. The DMVPN is currently setup successfully over the 4G internet but I need to configure 2nd internet connection as a backup to 4G. 

 

GigabitEthernet0/0/2 - Internet over ethernet 
Cellular0/1/0  - 4G 

 

but not sure how to achieve as in the "DMVPN" profile u can specific only one interface as source for "DMVPN"

tunnel source Cellular0/1/0

 

any suggestion?

 

Thanks in advance

 

 

1 Accepted Solution

Accepted Solutions

thanks. Will try this solution and will update you...Appreciate your help

View solution in original post

6 Replies 6

Hello,

 

basically, you need two tunnels on the hub and spokes. Below is a configuration example. If you can't figure it out, post the running configs of the hub and one of the spoke routers, so we can fill in the necessary bits and pieces...

 

http://resources.intenseschool.com/dmvpn-redundancy-single-hub-single-spoke-with-dual-isp-link/

Thanks for your prompt reply. Is it possible to implement it with single tunnel on the hub as I dont have access to the hub config and is managed by HQ team? 

Hello,

 

can you post the config of your spoke then ? I guess you could configure two tunnels and then use a failover (IP SLA, EEM) script to have the backup tunnel take over.

Thnx fr yur response: 

Plz find the output 

 

interface Tunnel2
description dmvpn internet
bandwidth 2000
ip address 192.168.1.109 255.255.255.0
no ip redirects
ip mtu 1300
ip pim dr-priority 0
ip pim sparse-mode
ip nhrp authentication xxx
ip nhrp network-id 200
ip nhrp nhs 192.168.1.9 nbma x.x.x.x multicast

nhrp attribute group RX-GROUP-
nhrp map group HUB-GROUP service-policy output PARENT
tunnel source Cellular0/1/0
tunnel mode gre multipoint
tunnel key 200
tunnel path-mtu-discovery
tunnel vrf public-internet
tunnel protection ipsec profile vpn-profile
hold-queue 4096 in
hold-queue 4096 out

Hello,

 

you could just use an IP SLA and an EEM script (two actually) to change the tunnel source in case the Cellular interface goes down:

 

track 1 ip sla 1 reachability
!
ip route 8.8.8.8 255.255.255.255 Cellular0/1/0
!
ip sla 1
icmp-echo 8.8.8.8 source-interface Cellular0/1/0
threshold 1000
timeout 1000
frequency 1
!
ip sla schedule 1 life forever start-time now
!
event manager applet ACTIVATE_BACKUP_DMVPN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface Tunnel2"
action 4.0 cli command "no tunnel source Cellular0/1/0"
action 5.0 cli command "tunnel source GigabitEthernet0/0/2"
action 6.0 cli command "end"
action 7.0 cli command "clear ip nat translation *"
!
event manager applet ACTIVATE_PRIMARY_DMVPN
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface Tunnel2"
action 4.0 cli command "no tunnel source GigabitEthernet0/0/2"
action 5.0 cli command "tunnel source Cellular0/1/0"
action 6.0 cli command "end"
action 7.0 cli command "clear ip nat translation *"

 

thanks. Will try this solution and will update you...Appreciate your help

Review Cisco Networking for a $25 gift card