Route path priority

bensonlei
Level 1

Hi, Guys,

I have a question on a route path priority scenario:

Two hosts with public IPs and private IPs in two separate sites, such as:
1. Site A has a host with public IP 202.202.202.2/32 and NAT private IP = 192.168.10.2/32
2. Site B has a host with public IP 101.101.101.1/32 and NAT private IP = 172.172.1.3/32
3. The two sites have a default route 0.0.0.0/0 to their individual ISPs.
4. Using static routes.

In the normal situation they communicate with each other through the Internet connection, which is fine; now
a VPN tunnel is established between the two sites.
How should I configure the route priority so that whenever Internet connectivity is lost, they can communicate with each other using their private IPs through the VPN tunnel?

Thanks so much for your kind help.

BensonLEI


8 Replies

Richard Burts
Hall of Fame

We do not have much detail to work with in this question and that limits what we can suggest. At first reading it seems to be a question about what to do if you lose your default route. The common solution for that would be a floating static default route (a static default route with a higher administrative distance). But on close reading I believe that you probably do not want to replace the default route and want a route only for the peer to peer traffic. It is not clear what you want to happen with other traffic if the default route fails. I would suggest these steps to be able to route the peer to peer vpn traffic in the event of a failure of your default route:

- configure tracking with IP SLA for some address reached using the default route.

- configure an EEM script that could insert the new route to reach the remote peer and would be triggered by tracking the normal default route.

 

HTH

 

Rick


Jon Marshall
Hall of Fame

 

Not sure I follow. 

 

Firstly, does the VPN not run across the Internet? If so, when you lose the Internet you lose the VPN as well.

 

Secondly, if it does not run across the Internet, then it seems to be more a question of how to tell the servers which IPs to use rather than a routing issue.

 

A better understanding of your topology would help. 

 

Jon

In addition to the point made by Jon (i.e. doesn't the VPN run across the Internet?), another possible issue is how does each host "know" what destination IP to use for the other host (which appears could be both a public and private IP)?

Often when using VPNs, they are preferred as they can maintain usage of private IPs and they also appear "shorter". However, a VPN adds overhead to the communication, so going via NAT and public IPs should be a tad more efficient.

Hi, Guys,

 

Firstly, thanks so much for your kind and quick replies.

 

Sorry for the misleading description of the scenario; we have another IPLC network connection.

 

If we lose the Internet connection, the hosts communicate with each other through the IPLC line (not a VPN connection, at these sites) using the private IPs.

How should I configure the route priority? Thanks a lot.

 

With many thanks in advance.

 

Cheers

BensonLEI

I still think you are seeing this as a routing issue when it has more to do with how the servers know to switch between the use of public or private IPs and how that happens, which is nothing to do with the network.

 

You could already have the routes in place for the private IPs to be used when needed but how do the servers know when to use them. 

 

Jon

Hi, Jon,

 

Thanks so much for your quick reply.

I have not yet configured the route for the private IPs, but I am planning this solution (failover to private-IP communication through the IPLC while Internet access is not available).

 

What should I do for the solution (route priority? what should be implemented on the hosts for network connectivity failover?)

 

Thanks a lot.

 

I think you need to do as Rick suggests and use IP SLA to track an IP address on the Internet, and if that IP becomes unreachable then you can install a static route for the private link.

 

See this link for an example - 

 

https://blog.ipspace.net/2007/08/install-static-route-when-ip-address-is.html

 

Jon
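The approach Rick and Jon describe (IP SLA probe, track object, tracked static default route, and Rick's EEM variant that inserts the IPLC route on the track transition) written out as a Site A router configuration. This is an added example, not a config posted in the thread. The interface names, the ISP next hop 202.202.202.1, the IPLC next hop 10.255.0.2 and the probe target 8.8.8.8 are assumptions; only the host addresses come from the original question. Site B mirrors it with its own next hops and 192.168.10.2 as the remote host.

```cisco
! Site A router. Assumed addresses (not from the thread):
!   ISP next hop    202.202.202.1  on GigabitEthernet0/0 (Internet)
!   IPLC next hop   10.255.0.2     on GigabitEthernet0/1 (leased line to Site B)
!   Probe target    8.8.8.8        (any address reachable only via the ISP)
!
! 1. IP SLA probe. source-interface pins the echo to the ISP link, so the probe
!    cannot succeed over the IPLC and mask an Internet outage.
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! 2. Track object with dampening so one lost echo does not flap the routes.
track 1 ip sla 1 reachability
 delay down 30 up 60
!
! 3. Primary default route tied to the tracker: it is withdrawn from the RIB
!    while track 1 is down and reinstalled when the probe recovers.
ip route 0.0.0.0 0.0.0.0 202.202.202.1 track 1
!
! 4a. Jon's variant: the route to Site B's private host address via the IPLC is
!     simply always present. Nothing on the Internet routes 172.172.1.3, so the
!     IPLC is the only valid path and the route does no harm while the Internet is up.
ip route 172.172.1.3 255.255.255.255 10.255.0.2
!
! 4b. Rick's variant (use instead of 4a, not together with it): EEM applets add and
!     remove the IPLC route on the track transition, so the route only exists during
!     an outage. Useful when another policy normally owns that prefix or when the
!     failover event itself should be logged.
event manager applet SITEB-VIA-IPLC-INSTALL
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "ip route 172.172.1.3 255.255.255.255 10.255.0.2"
 action 4.0 cli command "end"
 action 5.0 syslog priority warnings msg "Internet down - IPLC route to Site B host installed"
event manager applet SITEB-VIA-IPLC-REMOVE
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "no ip route 172.172.1.3 255.255.255.255 10.255.0.2"
 action 4.0 cli command "end"
 action 5.0 syslog priority notifications msg "Internet up - IPLC route to Site B host removed"
```

Verify with `show track 1`, `show ip sla statistics 1` and `show ip route static`; after the tracker goes down the default route disappears from the RIB and (in variant 4b) the /32 via 10.255.0.2 appears. Two caveats a practitioner would want: pick a probe target you control or your ISP's gateway rather than a third-party resolver, because the whole failover now depends on that host answering ICMP; and the EEM applets run privileged CLI on the box, so restrict who can edit `event manager` configuration. Note also Jon's point: this configuration only makes the network ready. Withdrawing the default route does not make the hosts start addressing each other by private IP; that switch has to happen on the hosts (or in the name resolution they use).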

Hi, Jon,

 

Great, thanks a lot.

 

You are probably right, the same concept as the above example, whether it is a public IP or a private IP, by inserting a route with IP SLA.

 

Cheers

Benson LEI
