Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
0
Helpful
2
Replies

DMVPN as Backup link to MPLS

mohammed asif suleman
Level 2
Level 2

‎01-27-2015 02:09 AM - edited ‎02-21-2020 08:02 PM

Hi,

i want to implement DMVPN to one of our branch as a fail over link if the MPLS point to point is down.

The MPLS VPN is working fine but due to SP faults we are experiencing frequent link downs.so i want to place a dsl router at branch and configure DMVPN to our existing HUB router.

i am configuring branch router as a spoke to HUB router R3 with rip so when the MPLS which using eigrp goes down , then DMVPN link should be up depending upon AD but, my doubt is if again MPLS link gets up, will it switchover to MPLS from DMVPN.

here is the topology

 

Here is the configurations for HO,HUB and Branch Routers

                             ******** HO ********

interface Tunnel102
 description " Tunnel HO-Br3"
 bandwidth 2048
 ip address 10.10.0.10 255.255.255.252
 tunnel source 172.33.1.18
 tunnel destination 172.33.33.18
!
interface FastEthernet0/0
 description "HO-LAN"                                                 
 ip address 192.168.1.10 255.255.255.0
 duplex auto
 speed auto
 
!
interface FastEthernet0/1
 description " Connection MPLS SP"                    
 ip address 172.33.1.18 255.255.255.252
 duplex full
 speed 100
!
router eigrp 200
 redistribute ospf 10 metric 512 600 100 100 1500
 network 10.10.0.8 0.0.0.3
 no auto-summary
!
router ospf 10
 log-adjacency-changes
 redistribute eigrp 200 subnets
 redistribute bgp 65350 subnets
 network 192.168.12.0 0.0.0.255 area 0
!
router bgp 65350
 no synchronization
 bgp log-neighbor-changes
 bgp redistribute-internal
 network 10.10.10.0 mask 255.255.255.0

neighbor 172.31.3.17 remote-as 65400
 no auto-summary

 

----------------------------------------------------------------------------------------------------

                            ********  HUB *********

 

(Router R3 Config)
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key welc0me address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set strong esp-3des
!
crypto ipsec profile cisco
 set security-association lifetime seconds 7200
 set transform-set strong
 
 interface Tunnel10
 ip address 172.20.20.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication welc0me
 ip nhrp map multicast dynamic
 ip nhrp network-id 250
 ip tcp adjust-mss 1360
 no ip split-horizon
 delay 100
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile cisco
 
 interface GigabitEthernet0/1
 ip address 74.99.128.25 255.255.255.240
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
 
 router rip
 version 2
 redistribute ospf 10 metric 5
 network 172.20.0.0
 no auto-summary
 
 ip route 0.0.0.0 0.0.0.0 74.99.128.17
----------------------------------------------------------------------------------------------------------

                                       (Fail over DMVPN with RIP )
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key welc0me address 74.99.128.25

crypto ipsec transform-set strong esp-3des

crypto ipsec profile cisco
 set security-association lifetime seconds 7200
 set transform-set strong


interface Tunnel10
 bandwidth 1024
 ip address 172.20.20.2 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication 
 ip nhrp map multicast 74.99.128.25
 ip nhrp map 172.20.20.1 74.99.128.25
 ip nhrp network-id 250
 ip nhrp holdtime 300
 ip nhrp nhs 172.20.20.1
 ip nhrp registration no-unique
 ip tcp adjust-mss 1360
 no ip split-horizon
 delay 1000
 tunnel source FastEthernet4
 tunnel destination 74.99.128.25
 tunnel key 100
 tunnel protection ipsec profile cisco
 
 interface vlan 1
 description " HWIC-DSL Link"
 ip addresss dhcp
 ip virtual-reassembly in
 duplex auto
 speed auto
 
 router rip
 version 2
 network 172.20.0.0
 network 192.168.50.0
 no auto-summary
 
 ip route 74.99.128.25 255.255.255.255 192.168.1.1

 

interface Tunnel102
 description " Tunnel BR-HO "
 bandwidth 2048
 ip address 10.10.0.9 255.255.255.252
 tunnel source 172.33.33.18
 tunnel destination 172.33.1.18
!
interface FastEthernet0/0
 description "BR LAN"
 ip address 192.168.50.5 255.255.255.0
 duplex auto
 speed auto
!

interface FastEthernet0/1
 bandwidth 2048
 ip address 172.33.33.18 255.255.255.252
 duplex auto
 speed auto
!
router eigrp 200
 network 10.10.0.8 0.0.0.3
 network 192.168.50.0
 no auto-summary
!
router bgp 65350
 no synchronization
 bgp log-neighbor-changes
 neighbor 172.33.33.17 remote-as 65400
 no auto-summary
!
 

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎01-27-2015 06:50 AM

why not run EIGRP also over DMVPN cloud? 

Make sure DMVPN is less prefered based on matric (high delay value?). 

0 Helpful

mohammed asif suleman
Level 2
Level 2
In response to Marcin Latosiewicz

‎01-27-2015 03:43 PM

Hi,

 

i am running eigrp over MPLS and i want the dmvpn as failover, so configured rip as it's AD is higher and it will be preferred only when the primary is down, but i want to make sure , it switches over to primary as soon as MPLS comes up.

if not DMVPN then canyou please suggest me anyother way to get over it...

0 Helpful
Customers Also Viewed These Support Documents