Hi Kumar

thanks for ur reply

i m looking for config example   MPLS VPN L3 act as primary connection while IPSec over the internet acts as a 2nd connection

thanks

Hi,

I give me some time and I will share with you. 

Regards,

Deepak Kumar

thank you bro kumar , this type of connection seems a trend nowdays

Hi, 

You can configure the route-map and set the next-hop address. I  am sharing the details with you as an example:

IP local LAN subnet:  10.10.10.0/24

My HO site Subnet: 192.168.2.0/24

I have two tunnel interface:

Tunnel 1: 1.1.1.0/24 - MPLS network

Tunnel 2: 2.2.2.0/24 - Internet VPN 

The configuration of route-map on remote as below:

ACL configuration for interested traffic:

access-list 100 permit ip any 192.168.2.0 0.0.0.255

Route-map configuration and assign the next hop address:

route-map test permit 10
match ip address 100
 set ip next-hop verify-availability 1.1.1.2 1 track 100 

Apply the route-map under the LAN interface:

interface FastEthernet1/1

des Local-LAN
ip address 10.10.10.1 255.255.255.0
ip policy route-map test
speed auto
duplex auto

and add an IPSLA and Track to monitor the next-hop availability. 

ip sla 100
icmp-echo 1.1.1.2 1 source-interface Tunnel1
threshold 2
timeout 1000
frequency 3
ip sla schedule 100 life forever start-time now
!
track 100 ip sla 100 reachability

Regards,

Deepak Kumar

thanks kumar