10-29-2014 06:10 AM - edited 03-05-2019 12:03 AM
We had one Branch office and one head office.
Each location we had 2 Routers(Primary and secondary) configured with EIGRP. Recently we implemented IPsec for the traffic.
EIGRP route will take place in primary only. if i configured variance command and if i did the load balancing.. Will traffice will go via IPsec. because IPsec was active on primary router only. If primary link goes then only IPSec was becaming active in Secondary router in this situation.. how traffice will go.
question 1.
will load balance will work. to reach the network we have route via 2 ways so if traffice go via EIGRP then it will work with out disturbance
question 2
But IP sec was active in primary only so traffic on primary router will encrypt and secondary will go with out encryption is possible? i am not sure about it
question 3
If IP sec was down then i am not able to reach the Branch office eventhough WAN Link is Up and route was there in EIGRP. so if IPsec configured we can reach branch office only IPsec was Up. then how load balance will work because secondary router it was showing down so branch office will be not reachable eventhough route was there..
Please clarify i am not sure wheather i am conveyed my doubt clearly.
10-29-2014 08:04 AM
While a little of your situation is clear there is much in your question that is not clear. It is clear that there are two sites and that each site has a primary router and a secondary router. It is clear that you implemented IPSec on the primary router but it is not clear whether IPSec is also implemented on the secondary router (I am assuming that it is not but it is not clear to me).
It is clear that EIGRP is running on the primary router and not clear whether EIGRP is also on the secondary router. It is also not clear whether EIGRP is running through IPSec on the primary router (goes over the WAN) or whether it is running only locally. You talk about variance and load balancing but it is not clear whether that has actually been done and whether there are actually two routes in the routing table for some destinations which would be necessary for load balancing.
I do not have enough information to answer questions 1 and 3. The answer to question 2 seems clear. If primary router has enabled IPSec and secondary router has not enabled IPSec then traffic going out primary router should be encrypted and traffic going out secondary router will go in the clear.
HTH
Rick
10-29-2014 08:36 AM
EIGRP was configured on both routers and IPsec also configured both router.. IPsec was configured WAN Peer IP of Branch is configured in head office and vice versa.. There is connection between Primary and Secondary router... Right now only one route was installed if we change variance then have chance to install 2 route.. 1 Route go via WAN directly other route go via Secondary and reach the WAN.. Sample rough diagram attached.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide