09-29-2012 06:39 AM - edited 03-04-2019 05:42 PM
I currently have a working metro ethernet connection between our main office and a branch office. I am tasked with building a redundant route for this site, in case the metro-E line goes down. We are purchasing two cable internet lines at each sight and I plan on buying two Cisco routers to do the VPN tunnel via the new cable Internet connection. The metro ethernet connection currently has two HP 3500s on each atm.
2 questions:
-How will OSPF and VRRP factor-in to such a setup?
-What Cisco routers are recommended that can utilize this protocol?
The HP 3500s can do either OSPF or VRRP.
I have been purchasing and setting up refurbed Cisco 1811 routers for other VPN tunnels and they work great.
Ty
L
09-29-2012 06:46 AM
Hello Leif,
OSPF is a routing protocol that can do the job.
VRRP is only a First Hop Redundancy protocol and it is not a routing protocol it provides a default gateway to clients or a fault tolerant IP next-hop for static routes.
I would suggest the use of OSPF to build the backup paths.
You will need to use a point to point GRE tunnel over IPSec as your VPN connection. In this way OSPF can be used over the GRE tunnel.
All you need to do is to use an high OSPF metric over the GRE tunnels to make them less preferred over the primary path via metro ethernet.
Hope to help
Giuseppe
09-30-2012 05:12 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
You will need to use a point to point GRE tunnel over IPSec as your VPN connection. In this way OSPF can be used over the GRE tunnel.
If supported by the Cisco platforms, you might also consider using VTI IPSec tunnels. They're a little easier to configure and don't have GRE header overhead.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide