I have a remote site that has a 2851 currently with a single ISP and VPN site-to-site back to my HQ. I would like to add a second ISP at the remote site for fail-over as the Internet connection at the location is somewhat unstable. My HQ is fully redundant already with dual ISPs and eBGP. To comply with corporate policy I tunnel all traffic back to HQ for inspection, content filtering, SSL decryption, etc. I'd prefer to use a tunnel interface with this setup as I can do more with ACLs and security opposed to crypto-maps.
Is it possible in the IOS to do the following?
Establish a site-to-site tunnel using ISP1 and aggressive mode (works easier at HQ when 2 ISPs are involved) back to HQ.
If ISP1 fails detect and switch over to ISP2.
Re-establish the VPN tunnel with ISP2 back to HQ.
Detect ISP1 is back up and flip back.
I could do this with 2 routers and HSRP but that would involve changing the way things work at HQ with the routing and I would like to avoid that if possible to not introduce more changes. Any thoughts on how to do it would be appreciated. Thanks in advance.
I am also looking forward to a solution to get the VPN failover. Right now I have 2 routers, each connected to a different ISP with a static IP. Internet failover is working fine and even the VPN tunnel is also fine, but I do not know how to configure the VPN failover... Do you have any idea about it?