Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
381
Views
0
Helpful
0
Replies

Two L2L VPNs, how to send traffic that enters #2 back through #2?

jmaxwellUSAF
VIP
VIP

‎03-10-2023 10:13 AM

Hello.

GIVEN:
Between two enterprises, primary and secondary L2L ISAKMP IPsec VPNs exist.

Enterprise2 initiates all traffic. Enterprise2 sometimes does maintenance on their network. At these times they want to send traffic to the target servers on enterprise1 subnet 172.16.2.0/24 through the secondary tunnel. During such maintenance THE PRIMARY TUNNEL STAYS UP, but Enterprise2 routers upstream from the primary tunnel router disconnect, so return traffic through the primary tunnel will black-hole.
---

Comments:

There would be no problem if the primary tunnel failed, because secondary dynamic routes would instantly heal the network by sending traffic to the secondary tunnel.
But in this case THE PRIMARY TUNNEL STAYS UP, so how can Enterprise1 know to change the return route to the secondary tunnel?

It seems the solution is somehow for a router on the Enterprise1 side to alert that traffic is now ingressing through the secondary VPN, so it informs the first-hop router closest to the server, that the route must now go through the secondary VPN.

QUESTION:
Is there a solution so that traffic that enters through the secondary tunnel always returns through the secondary tunnel?

Thank you.

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card