Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2001
Views
0
Helpful
2
Replies

Configure VPN Ipsec as backup route

Go to solution
reynaldolopeza
Level 1
Level 1

‎11-22-2017 06:43 AM - edited ‎03-12-2019 04:45 AM

Hi everyone, please your help with this issue.

 

We have access to branch offices through a Service Provider MPLS network. We have configured EIGRP over GRE tunnels for routing to Branch offices. Now we need to configure a VPN Ipsec as a backup route. I am aware that Ipsec only supports unicast traffic and static routes (no EIGRP allowed there).

 

How can I configure my routes in order to keep the EIGRP through the WAN network as the primary route and the new VPN Ipsec as the backup? We need high availability there.

Is there a way to configure EIGRP through Ipsec so I can configure delay and bandwith to change metrics and get my HA?

 

It's worth to mention that at HQ I have a Firewall ASA for Internet access and VPN configuration, and a router 4331 to connect to the WAN (no security license), and in my branch offices I have 4321 routers with Security license ready for VPN Ipsec configuration. I am attaching the network diagram. Thanks in advanced.

1 person had this problem
Labels:
Preview file
72 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
reynaldolopeza
Level 1
Level 1
In response to Flavio Miranda

‎12-21-2017 07:42 AM

I resolve the issue. Testing the HA shutting down the MPLS link, the IPsec tunnel automatically turns on. And when the MPLS link is back, the traffic retake the EIGRP route configured. For the traffic to use the Ipsec tunnel we just configured a default static route (the same one that allows my users to go out to the internet).

It was a routing issue.

Regards.

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Flavio Miranda
VIP
VIP

‎11-22-2017 07:50 AM

Hi @reynaldolopeza

It depends on how EIGRP receives the routing. You can configure a floating static route on the core point to VPN.

If you loose your MPLS link you'll be send to VPN link.

 You can also think in IP sla but the first option would be better.

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

Go to solution
reynaldolopeza
Level 1
Level 1
In response to Flavio Miranda

‎12-21-2017 07:42 AM

I resolve the issue. Testing the HA shutting down the MPLS link, the IPsec tunnel automatically turns on. And when the MPLS link is back, the traffic retake the EIGRP route configured. For the traffic to use the Ipsec tunnel we just configured a default static route (the same one that allows my users to go out to the internet).

It was a routing issue.

Regards.

 

0 Helpful
Customers Also Viewed These Support Documents