VPN Cisco 2821 HQ and Cisco 1841 Branch for failover (2 wan interface)

rechard_hk
Level 1

Dear All Experts,

I would like to ask you some questions about failover from HQ to Branches over a VPN connection.

At the HQ site I have a Cisco 2821 router with HWIC-4ESW, and at the Branch site I have a Cisco 1841 router with HWIC-4ESW.

From HQ to Branch we have 2 WAN links (2 ISPs, one for the primary link and the other for the backup link). When the primary link is down, the backup link will come up automatically. I would like to ask you about the configuration from HQ to Branch over the VPN connection (primary and backup link): how can I configure it?

Best Regards,

Rechard_HK

1 Accepted Solution

Hi Rechard_hk,

Glad that the command is helping you.

1. Yes, the command must be applied to both HQ and Branch. Otherwise your Branch will have a return route issue.

2. You can ignore the GRE setup. That setup is for a complex branch office network; after viewing your network diagram, a floating static route is the resolution best suited to your network environment.

Regards,

Tan

12 Replies

tetong
Level 1

Hi Rechard_HK,

Do you have any firewall in between?

Regards,

Tan

Dear Tan,

No, I don't have any firewall.

But at HQ I have a 3560 core switch for inter-VLAN, and the Cisco 2821 router connects to the 3560 core switch.

Thank you for your question!!!

Best Regards,

Norung

Hi Rechard_hk,

Create a GRE tunnel on both sides to make your link redundant.

For a sample configuration visit: http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800946b8.shtml

Your case requires setting up 2 x tunnels on both routers, since you have two ISP links.

Regards,

Tan

Dear Tan,

I'm not clear about the GRE tunnel that you showed me; could you give me more detail than this?

I'm not clear, since I have 2 ISPs, how I can create the GRE tunnels (how many GRE tunnels do I create at HQ and Branch, because I have two ISP links)?

In the link that you sent me, at which point does it fail over?

Thank you for your support!!!

Best Regards,

Rechard_HK

Hi Rechard_HK,

Do you have a network diagram? Then I can propose a better solution.

Regards,

Tan

pic01.jpg

Dear Tan,

Please see the attached file.

Best Regards,

Rechard_hk

Dear Tan,

Please kindly see the attached file.

Thank you for your

Best Regards,

Rechard_hk

Dear Tan,

Do you have an update?

Best Regards,

Rechard_HK

Hi Rechard_HK,

The answer to your question is a floating static route. You can configure two static routes, one pointing to the first leased line and the other pointing to the second leased line. Suppose these lines are connected to F0/0 and serial F0/0/0 interfaces. Then your static routes would look like:

ip route 0.0.0.0 0.0.0.0 F0/0
ip route 0.0.0.0 0.0.0.0 F0/0/0

This will load balance the traffic between the two lines. If you don't want load balancing, and want the second line purely as backup, then your configuration would look like:

ip route 0.0.0.0 0.0.0.0 F0/0
ip route 0.0.0.0 0.0.0.0 F0/0/0 150

The 150 command in the second route here tells the router that the administrative distance for the second route is 150 (for a normal static route it is 1). So the second route has a lower preference than the first route, and should only be used when the first route fails.

Regards,

Tan
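
As an added illustration (not part of Tan's post and not Cisco code), the Python sketch below models how a router chooses between the two default routes from the reply above by administrative distance. The class and function names are hypothetical, and interface up/down state is the only failure signal modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    exit_if: str
    distance: int = 1  # administrative distance; 1 for a normal static route


def installed_routes(candidates, up_interfaces, prefix="0.0.0.0/0"):
    """Return the routes that would be placed in the routing table for prefix."""
    # A static route that names an exit interface is only usable while
    # that interface is up.
    usable = [r for r in candidates
              if r.prefix == prefix and r.exit_if in up_interfaces]
    if not usable:
        return []
    # Lowest administrative distance wins; ties are all installed,
    # which is the load-balancing case from the first pair of routes.
    best = min(r.distance for r in usable)
    return [r for r in usable if r.distance == best]


def exit_interfaces(candidates, up_interfaces):
    """Sorted exit interfaces currently carrying default-route traffic."""
    return sorted(r.exit_if for r in installed_routes(candidates, up_interfaces))


# Constructed route sets mirroring the two configurations in the reply.
LOAD_BALANCED = [StaticRoute("0.0.0.0/0", "F0/0"),
                 StaticRoute("0.0.0.0/0", "F0/0/0")]
FLOATING = [StaticRoute("0.0.0.0/0", "F0/0"),
            StaticRoute("0.0.0.0/0", "F0/0/0", distance=150)]

if __name__ == "__main__":
    both_up = {"F0/0", "F0/0/0"}
    print("equal distance, both up :", exit_interfaces(LOAD_BALANCED, both_up))
    print("floating, both up       :", exit_interfaces(FLOATING, both_up))
    print("floating, primary down  :", exit_interfaces(FLOATING, {"F0/0/0"}))
    print("floating, primary back  :", exit_interfaces(FLOATING, both_up))
```

The model keys on interface state because a static route that names an exit interface stays installed for as long as that interface is up; an outage further along the ISP path that leaves F0/0 up would not move traffic to the backup route here.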

Dear Tan,

Thank you very much for helping me!!!

I got the command that you gave me, so I would like to ask you some questions:

1- Do I need to add the two static route commands at HQ and Branch, or just add the two static routes at HQ only?

2- When I use static routes, do we not need to use the GRE that you showed me last time?

Best Regards,

Rechard_hk

Hi Rechard_hk,

Glad that the command is helping you.

1. Yes, the command must be applied to both HQ and Branch. Otherwise your Branch will have a return route issue.

2. You can ignore the GRE setup. That setup is for a complex branch office network; after viewing your network diagram, a floating static route is the resolution best suited to your network environment.

Regards,

Tan

Dear Tan,

Thank you again for your time and full support!!!

In the future, if I have any problem or have some question I want to ask you, how can I ask you?

Best Regards,

rechard_hk
