I have a remote site that has a 2851 currently with a single ISP and VPN site-to-site back to my HQ. I would like to add a second ISP at the remote site for fail-over as the Internet connection at the location is somewhat unstable. My HQ is fully redundant already with dual ISPs and eBGP. To comply with corporate policy I tunnel all traffic back to HQ for inspection, content filtering, SSL decryption, etc. I'd prefer to use a tunnel interface with this setup as I can do more with ACLs and security as opposed to crypto-maps.
Is it possible in the IOS to do the following?
Establish a site-to-site tunnel using ISP1 and aggressive mode (works easier at HQ when 2 ISPs are involved) back to HQ.
If ISP1 fails, detect and switch over to ISP2.
Re-establish the VPN tunnel with ISP2 back to HQ.
Detect ISP1 is back up and flip back.
I could do this with 2 routers and HSRP but that would involve changing the way things work at HQ with the routing and I would like to avoid that if possible to not introduce more changes. Any thoughts on how to do it would be appreciated. Thanks in advance.
I am also looking forward to a solution for VPN failover. Right now I have 2 routers, each connected to a different ISP with a static IP. Internet failover is working fine and even the VPN tunnel is fine, but I do not know how to configure the VPN failover... Do you have any idea about it?