
Routing Config Issue

Joe Lee
Level 1

All-

To make it easier to explain my problem, I am attaching the network diagram.

R1 is a remote site that runs IPSec VPN, and it has the primary and failover L2L VPNs set up to R2 and R7 accordingly. R2 and R3 are in the data center, and R6 and R7 are in the secondary data center. R3, R4, R5, and R6 are all connected to the MPLS cloud via BGP. All the routers are running eBGP here, except the remote router R1.

R2 and R7 are running static routes for the subnet in the remote site. My issue is: when the primary VPN is down, the failover VPN switches to active mode. On router R5, the route to the subnet in the remote site R1 is supposed to be R5->R6->R7->R1, but the route still goes R5->R3->R2->R1. The crypto Phase I is up, but it appears there is a routing issue. Please advise how to adjust the routing so we can reach the remote site through the backup VPN when the primary is down.

Regards,

Joe

Accepted Solutions

smehrnia
Level 7

Hi Joe,

Since R2 and R7 are using static routes to the remote subnet, when the route (VPN) goes down, they don't withdraw it from the routing table, causing a black hole in your network towards R1.

What you have to do is simply set up an IP SLA Echo that pings your R1 IP address constantly, and then bind the IP SLA tracker to your static route.

This way, when there are reachability issues, such as link failure or whatever, your static route is withdrawn from the routing table and the other VPN takes control.

Please rate if it helped,

Soroush.

Hope it Helps!

Soroush.
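
The IP SLA tracking described in the accepted solution, sketched as Cisco IOS configuration for R2. This is an added example, not part of the original reply; every address, interface name and object number in it is a constructed placeholder, and it assumes the probe's source address is covered by the crypto ACL so the ping crosses the tunnel.

```cisco
! Added example for R2 (primary VPN head-end). All values are placeholders.
!   192.168.10.0/24  remote-site subnet behind R1 (assumed)
!   192.168.10.1     R1 inside address used as the probe target (assumed)
!   203.0.113.1      R2 next hop toward the VPN path (assumed)
!   Loopback0        R2 interface whose address matches the crypto ACL,
!                    so the probe is encrypted and tests the tunnel itself
!
ip sla 10
 icmp-echo 192.168.10.1 source-interface Loopback0
 threshold 1000
 timeout 2000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! The track object follows the probe result; the delay timers damp flapping
track 10 ip sla 10 reachability
 delay down 15 up 30
!
! The static route stays in the routing table only while track 10 is up
ip route 192.168.10.0 255.255.255.0 203.0.113.1 track 10
!
! Verification commands:
!   show ip sla statistics 10
!   show track 10
!   show ip route 192.168.10.0
```

The same pattern goes on R7 with its own next hop and source interface. If the probe is sourced from an address outside the crypto ACL it leaves unencrypted and reports on the path rather than on the VPN.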
