Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
804
Views
5
Helpful
6
Replies

MPLS VPN L3 act as primary connection while IPSec over the internet acts as a 2nd connection

Ibrahim Jamil
Level 6
Level 6

‎03-17-2018 10:32 AM - edited ‎03-05-2019 10:07 AM

Hello guys

 

any good config example for MPLS VPN L3 act as primary connection while IPSec over the internet acts as a 2nd connection , routing protocol is OSPF

 

thanks

Labels:
0 Helpful
6 Replies 6

Deepak Kumar
VIP Alumni
VIP Alumni

‎03-18-2018 10:59 PM

Hi, 

You can change the OSPF cost and make it primary. 

 

https://supportforums.cisco.com/t5/network-infrastructure-documents/how-to-configure-ospf-cost/ta-p/3133153

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Ibrahim Jamil
Level 6
Level 6
In response to Deepak Kumar

‎03-19-2018 02:16 AM

Hi Kumar

 

thanks for ur reply

 

i m looking for config example   MPLS VPN L3 act as primary connection while IPSec over the internet acts as a 2nd connection

 

thanks

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Ibrahim Jamil

‎03-19-2018 02:19 AM

Hi,

 

I give me some time and I will share with you. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Ibrahim Jamil
Level 6
Level 6
In response to Deepak Kumar

‎03-19-2018 03:58 AM

thank you bro kumar , this type of connection seems a trend nowdays

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Ibrahim Jamil

‎03-19-2018 04:41 AM - edited ‎03-19-2018 09:52 PM

Hi, 

You can configure the route-map and set the next-hop address. I  am sharing the details with you as an example:

IP local LAN subnet:  10.10.10.0/24

My HO site Subnet: 192.168.2.0/24

 

I have two tunnel interface:

Tunnel 1: 1.1.1.0/24 - MPLS network

Tunnel 2: 2.2.2.0/24 - Internet VPN 

 

The configuration of route-map on remote as below:

 

ACL configuration for interested traffic:

 

access-list 100 permit ip any 192.168.2.0 0.0.0.255

 

Route-map configuration and assign the next hop address:

route-map test permit 10
match ip address 100
 set ip next-hop verify-availability 1.1.1.2 1 track 100 

 

 

Apply the route-map under the LAN interface:

 

interface FastEthernet1/1

des Local-LAN
ip address 10.10.10.1 255.255.255.0
ip policy route-map test
speed auto
duplex auto

 

and add an IPSLA and Track to monitor the next-hop availability. 

 

ip sla 100
icmp-echo 1.1.1.2 1 source-interface Tunnel1
threshold 2
timeout 1000
frequency 3
ip sla schedule 100 life forever start-time now
!
track 100 ip sla 100 reachability

 

 

Regards,

Deepak Kumar

 

 

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Ibrahim Jamil
Level 6
Level 6
In response to Deepak Kumar

‎03-20-2018 10:37 AM

thanks kumar

0 Helpful
Customers Also Viewed These Support Documents