Dynamic routing for backup Tunnel

benolyndav · ‎03-25-2023

HI

See diagram, so we want to set up another ipsec vpn on the network on the left which is our other DC, how could we set this up so if the 172.25.192.0/19 network wasnt available on the network on the right (DC1) then the routingwould dynamically point to DC2 on the left.

Thanks

MHM Cisco World · ‎03-25-2023

I dont get you Q
can you more elaborate

benolyndav · ‎03-25-2023

Hi

so from the diagram you see that we have a IPSEc VPN to AWS where the /19 resides,

network on right DC1

we have a static route pointg to firewall for /19 on the 9500 stack, this is then redistributed into BGP and advertised to the ISP router.

Network on left side DC2
we would like to set up a secondary IPSEC VPN to AWS and if we loose the primary IPSEC VPN we want the routing to then point to DC2 for the /19,
i was thinking maybe ospf on the Firewall and advertise just the /19 and then if we loose the the firewall etc then dynamically route to DC2. I also realise I will neeed isp assistance .?

Thanks

rais · ‎03-25-2023

Do you intend to use AWS backbone to get to /19 [right] network or does the /19 has another instance in the left AWS region? You need a dynamic routing protocol.

benolyndav · ‎03-25-2023

Hi

The /19 resides in AWS,

Thanks

MHM Cisco World · ‎03-25-2023

You mention ipsec and I dont know from which point from edge router or from ASA?

benolyndav · ‎03-25-2023

ASA public internet the ISP routers are our private MPLS provided by Virgin

MHM Cisco World · ‎03-26-2023

just mention in your topology from where to where the VPN connection
if you can please

benolyndav · ‎03-27-2023

Hi

From ASA to Cloud (AWS)