838 Views | 5 Helpful | 1 Replies

Secondary route through IPsec tunnel

Hawk, Level 1

We have 4 offices that are connected together through a private MPLS cloud. All site-to-site traffic currently gets routed through the private MPLS using BGP. All sites also have a broadband internet circuit. If an MPLS circuit goes down at a site, would there be a way to have its site-to-site traffic automatically get routed through a pre-configured IPsec tunnel? All sites are using a Cisco ISR4221 router with only the base license. Is there some kind of command like "ip route x.x.x.x x.x.x.x next-hop tunneled admin distance 30" I could use to tell the router to point site-to-site traffic to a router IP on the other side of the IPsec tunnel when the MPLS/BGP goes down? If not, how could I use the broadband circuits with what I have to create automatic redundancy for site-to-site traffic if an MPLS circuit goes down at a site?

1 Accepted Solution

Accepted Solutions

Based on the fact that you have a site-to-site tunnel established, there are several ways to achieve automatic redundancy.

1. Weighted static routes. This allows you to use one or a series of static routes that will not be visible within the routing table unless your primary route fails.

If you are using eBGP, your administrative distance will be 20, so your static route to get to a destination of 172.17.1.0/24 via a gateway of 172.16.1.1 would look something like this:

ip route 172.17.1.0 255.255.255.0 172.16.1.1 25

25 being the weight of that static route, which is higher than your current eBGP AD of 20.

2. You may also look at implementing BGP or any other IGP, whichever you are most comfortable working with, to establish dynamic fail-over for these locations.

Note: IGPs such as OSPF and EIGRP rely on multicast, so this will be dependent on the type of VPN tunnel you have established.

Feel free to provide config samples if you require more direct assistance.

Cheers

****Rate This Post Once it Is Helpful****

P.Williams
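A fuller version of the floating-static approach from the accepted answer, written as an added example rather than config from the thread. It assumes a hypothetical Tunnel0 interface that is already protected by IPsec, a local tunnel address of 172.16.1.2/30 with the far end at 172.16.1.1 (the gateway in the answer), and the remote LAN 172.17.1.0/24 learned over MPLS via eBGP (AD 20). The addition over the one-liner in the answer is an IP SLA probe with route tracking: a floating static whose next hop is an IPsec peer is only useful while the peer is actually reachable, so the route is withdrawn when the probe fails instead of quietly black-holing traffic into a dead tunnel.

```cisco
! Site A. Constructed example; not configuration from the thread.
! Assumptions: Tunnel0 exists and is IPsec-protected, local tunnel IP
! 172.16.1.2/30, remote tunnel IP 172.16.1.1, remote LAN 172.17.1.0/24
! normally learned via eBGP over MPLS (AD 20).
!
! Probe the far end of the tunnel every 5 seconds, sourced from the
! tunnel interface so the probe itself travels the backup path.
ip sla 10
 icmp-echo 172.16.1.1 source-interface Tunnel0
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Tracked object goes down when the probe stops getting replies.
track 10 ip sla 10 reachability
!
! Floating static: AD 25 loses to the eBGP route (AD 20) while MPLS is
! healthy and is installed when the BGP prefix is withdrawn. The track
! keyword removes it again if the IPsec peer stops answering, so a
! failed tunnel does not become a silent black hole.
ip route 172.17.1.0 255.255.255.0 Tunnel0 172.16.1.1 25 track 10
```

Two points to check when using this. First, the same construction is needed in the opposite direction at the remote site (its floating static pointing back at 172.16.1.2 for Site A's LAN), otherwise return traffic still tries the MPLS path and the failover is one-way. Second, a floating static only takes over once the BGP route actually leaves the routing table; verify with `show ip route 172.17.1.0` and `show track 10` while the MPLS circuit is administratively down, so that the switchover is observed rather than assumed.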

