We currently have DMVPN running with 1 Hub and 2 spokes.
What we'd like to do on each of the spokes is have a backup WAN connection as a failover in case the primary WAN connection goes down. The hub only has one WAN connection currently.
My thought was to build additional tunnels on the hub and spokes to serve as the 'backup' routes. So, for example, all of the devices would have Tunnel0, which is the main tunnel, then I would add Tunnels 1 and 2 on the hub, using a different NHRP subnet, and then create Tunnel1 on spoke A and Tunnel2 on spoke B.
What I noticed, though, is that even before I made any change to our routing (it is all static), about a half hour after I brought up the secondary tunnel between the hub and spoke A, both spoke A and spoke B had suddenly shifted over to Tunnel1 from Tunnel0 (which caused their connections to drop). I had configured each of the tunnels to use a different subnet (i.e. 172.16.0.0, 172.16.1.0, 172.16.2.0) and had yet to change the routing at all. They are all sharing the same crypto, so I'm not sure if that is contributing to the problem.
Is there a step I am missing, or am I going about this the wrong way?