Hello Georg,

Thanks for you prompt response, I will modify same and do some testing .

I will update you shortly.

Regards

Hello Georg,

I modified the two tunnels on the spoke(Lethem_test)     tunnel protection ipsec profile CiscoCP_Profile1 shared

When I tried to enable the secondary wan interface on the spoke router ((Lethem_test) the connection drops.

If I disable the interface the connection is re-established. 

I would like to have both wan interface and both tunnels up on the spoke to allow a failover if one IPS service is disrupted.

Unsure what is causing the issue.

Regards

Hello @jomo frank ,

have you added

tunnel key   <value>

with a different value within each tunnel ?

Hope to help

Giuseppe

Hello Giuseppe,

I added a tunnel valve but I do not have a different value for each tunnel

                                   Head office     (Hub)                                                          Lethem (Spoke)

                                 ---------------------                                             ----------------------

Tunnel 0                       tunnel key 100000                                                        tunnel key 100000

Tunnel 1                       tunnel key 110000                                                         tunnel key 110000

This are extracts from the current configuration , should I make each tunnel key unique?

Regards

Hello @jomo frank ,

>> his are extracts from the current configuration , should I make each tunnel key unique?

on a single node for sure it is a way to demultiplex packets for dffierent tunnels with same source/destination external addresses.

You should be fine from this point of view.

Hope to help

Giuseppe

Hello Guiseppe,

I will try unique tunnel key for each tunnel.

Regards

Hello Giuseppe,

I tried putting a unique tunnel key for each tunnel, when I enable the secondary wan interface on the Lethem router no eigrp adjacency is establish and the connection is lost.

I notice when the secondary. wan interface  (lethem) is enable they are two default route showing in the routing table.

Unsure if this reason  for the connection lost when ever the secondary wan interface is enabled

Regards

Hello @jomo frank ,

>> I notice when the secondary. wan interface (lethem) is enable they are two default route showing in the routing table.

>> I tried putting a unique tunnel key for each tunnel, when I enable the secondary wan interface on the Lethem router no eigrp adjacency is establish and the connection is lost.

You should at least have host static routes for the public IP addresses of the HUBs one with exit WAN1 and one with exit WAN2.

The default routes should be learned in EIGRP over tunnels if you want to have a centralized exit to the internet or you need to handle it in some way ( probably using two different  Front VRFs could be a solution ie having WAN1 and WAN2 in two different VRFs so that the two default routes wll not be used in load sharing)

Clearly the two default static routes can be a problem if the wrong WAN interface and source IP  address is used to attempt to reach the HUB on VPN

Hope to help

Giuseppe

Hello  MHM,

Never use Front-door VR not sure how to configure same .

Regards

https://www.codecerc.com.ve/2020/DMVPN-FVRF