12-18-2020 12:18 PM
Dear All,
We've implemented a FlexVPN network for an organization with hundreds of branches, with two hubs at head office and one at the DR sites, and we're using BGP on all hubs and spokes.
We've connected the branches to the HQ hubs with a client profile. What is the best method to connect the branches to the DR hub, and the DR hub to the HQ hubs for replication?
We're using dynamic tunnel IP addresses from the hubs.
Regards
12-18-2020 12:28 PM
You could use the FlexVPN client on the spoke routers to specify the order of the hubs you wish to connect to. The spoke will connect to the first IP address and only connect to the next if the first fails. E.g.
crypto ikev2 client flexvpn Flex_Client
 peer 1 172.25.1.1
 peer 2 172.25.2.1
Example here:
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116413-configure-flexvpn-00.html
12-18-2020 12:40 PM
Thanks Rob for your fast response.
The network is currently working with two of the hubs installed at the HQ, and we want to add a new hub at the DR.
Our concern is how we can connect the DR hub (BGP) to the HQ hubs (BGP). For DR-to-branches connectivity, we're planning to add a new tunnel.
Please advise!
12-18-2020 12:49 PM - edited 12-18-2020 12:59 PM
Do you already have 2 active tunnels to the 2 HQ hubs?
If you added another tunnel you'd need the routing protocol to prefer the DR Hub the least, so traffic would only be routed over that tunnel in the event the other 2 hubs failed. The downside is you'd have multiple active tunnels.
If you used the FlexVPN client then you just specify the hubs in the order you wish to connect to, add the DR last on the list and the spoke will only connect if the first 2 hubs are down. You'd only ever have 1 active tunnel.
There are several options; the suggestions above are the most common.
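The two spoke-side options described in the reply above, sketched as an added example that is not part of the original posts or of the linked Cisco document. The DR hub address 172.25.3.1, the BGP neighbor 10.255.3.1, AS 65000, the interface names and the names Flex_Client_DR and FROM_DR_HUB are assumed placeholders, and the IKEv2 profile and authentication settings are assumed to exist already from the working HQ setup.

```ios
! Added example. All addresses, the AS number and every name except
! Flex_Client are assumed placeholders. Use Option 1 OR Option 2, not both.
!
! Option 1: one client profile, DR hub last in the peer list.
! Only one tunnel is ever active; the DR hub is tried after both HQ hubs fail.
crypto ikev2 client flexvpn Flex_Client
 peer 1 172.25.1.1
 peer 2 172.25.2.1
 peer 3 172.25.3.1
 client connect Tunnel1
!
interface Tunnel1
 ip address negotiated
 tunnel source GigabitEthernet0/0
 tunnel destination dynamic
 tunnel protection ipsec profile default
!
! Option 2: a second, always-up tunnel to the DR hub with its own client
! profile. BGP must then prefer routes from the DR hub the least.
crypto ikev2 client flexvpn Flex_Client_DR
 peer 1 172.25.3.1
 client connect Tunnel2
!
interface Tunnel2
 ip address negotiated
 tunnel source GigabitEthernet0/0
 tunnel destination dynamic
 tunnel protection ipsec profile default
!
! iBGP default local preference is 100, so 50 makes DR-learned routes
! a last resort on this spoke.
route-map FROM_DR_HUB permit 10
 set local-preference 50
!
router bgp 65000
 neighbor 10.255.3.1 remote-as 65000
 neighbor 10.255.3.1 route-map FROM_DR_HUB in
```

With Option 2 the route-map only steers traffic leaving the spoke; the hubs need a matching preference so that return traffic does not take the DR tunnel while an HQ tunnel is up.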
12-18-2020 01:18 PM
We have one tunnel with a client profile from the branches to the HQ, but we are planning to add a new tunnel with a separate client profile from the branches to the DR.
What's the downside of having a separate tunnel to the DR, and what's the preferred way to connect the DR to the HQ? Both sites are hubs with iBGP routing.