Site to Site VPN between two 2951 routers, need help testing failover

I have two 2951 routers that have a site to site VPN setup.  This VPN is only to be used for failover in the event that the main point to point circuit between two offices goes down.  This is in a 24/7 facility and the IT director doesn't really want to have any downtime to test the fail over VPN connectivity.  I have a normal business class cable Internet line on FastEthernet0/0/0 of each router that is configured with a VPN to pass traffic between the two LANs in the event the main route goes down.  I am using route-SLA's to monitor for the failover state.

How can I test the VPN connection that goes out FastEthernet0/0/0 without taking down the primary routes over the Wifi line?

Here is my LAN setup

office 1:  192.168.1.x

office 2: 192.168.2.x

Wifi WAN: 192.168.10.x

We currently have these route statements in place to move traffic accordingly

ip route 192.168.2.0 255.255.255.0 192.168.10.2 track 10

ip route 192.168.2.0 255.255.255.0 FastEthernet0/0/0 10 track 123


Re: Site to Site VPN between two 2951 routers, need help testing

Hello Brian,

What I normally do is select a specific PC from each, let's say

office 1 : 192.168.1.100

office 2 : 192.168.2.100

Configure 2 host routes on your router

ip route 192.168.2.100 255.255.255.255 192.168.10.2 track 10

ip route 192.168.2.100 255.255.255.255 FastEthernet0/0/0 10 track 123

You need to create a similar entry for 192.168.1.100 at the other end as well, as follows

ip route 192.168.1.100 255.255.255.255  track xx

ip route 192.168.1.100 255.255.255.255  track xx yy

Now do a continuous ping from your 192.168.1.100 to 192.168.2.100 and it should go via the primary link.

To test the failover, take the following route off your router

no ip route 192.168.2.100 255.255.255.255 192.168.10.2 track 10

Also, at that time, you need to take the other end's primary route for your host off as well.

no ip route 192.168.1.100 255.255.255.255 track xx

Now make sure that your traffic between these 2 computers flows through the VPN tunnel

Hope this helps

Harish.
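
The following is an added example, not part of the original thread or of either poster's configuration: a simplified Python model of static route selection (longest prefix first, then lowest administrative distance, tracked routes only when their track object is up) applied to the office 1 routes quoted above. It shows why the /32 host routes confine the test to one host pair, and what happens if track 123 is down when the primary host route is removed. The track states and the address 192.168.2.50 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:
    prefix: str    # destination in CIDR form
    via: str       # next hop or exit interface, as in the ip route line
    distance: int  # administrative distance (1 when the ip route line gives none)
    track: int     # track object that must be up for the route to be installed

# Office 1 routes from the thread: the two /24 routes plus the two /32 test routes.
NET_PRIMARY = StaticRoute("192.168.2.0/24", "192.168.10.2", 1, 10)
NET_BACKUP = StaticRoute("192.168.2.0/24", "FastEthernet0/0/0", 10, 123)
HOST_PRIMARY = StaticRoute("192.168.2.100/32", "192.168.10.2", 1, 10)
HOST_BACKUP = StaticRoute("192.168.2.100/32", "FastEthernet0/0/0", 10, 123)

def select_route(routes, tracks, dst):
    """Pick the route for dst: longest matching prefix, then lowest distance.
    Routes whose track object is down are treated as not installed."""
    addr = ipaddress.ip_address(dst)
    usable = [r for r in routes
              if tracks.get(r.track, False)
              and addr in ipaddress.ip_network(r.prefix)]
    if not usable:
        return None
    return min(usable,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.distance))

def exit_for(routes, tracks, dst):
    """Return the next hop or interface chosen for dst, or None if unroutable."""
    chosen = select_route(routes, tracks, dst)
    return chosen.via if chosen else None

if __name__ == "__main__":
    both_up = {10: True, 123: True}        # constructed track states
    backup_down = {10: True, 123: False}   # constructed: track 123 is down
    before = [NET_PRIMARY, NET_BACKUP, HOST_PRIMARY, HOST_BACKUP]
    during = [NET_PRIMARY, NET_BACKUP, HOST_BACKUP]  # primary /32 removed for the test
    cases = [
        ("before test, test host", before, both_up, "192.168.2.100"),
        ("during test, test host", during, both_up, "192.168.2.100"),
        ("during test, other host", during, both_up, "192.168.2.50"),
        ("during test, track 123 down", during, backup_down, "192.168.2.100"),
    ]
    for label, routes, tracks, dst in cases:
        print(f"{label:30} {dst:15} -> {exit_for(routes, tracks, dst)}")
```

In the last case the continuous ping keeps succeeding because the test host falls back to the /24 route over the primary link, so a successful ping alone does not confirm that the traffic used the VPN tunnel.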