We currently have DMVPN running with 1 Hub and 2 spokes.
What we'd like to do on each of the spokes is have a backup wan connection as a failover in case the primary wan connection goes down. The hub only has one wan connection currently
My thought was to build additional tunnels on the hub and spokes to serve as the 'backup' routes. So, for example, all of the devices would have Tunnel0, which is the main tunnel, then I would add Tunnels 1 and 2 on the hub - using a different nhrp subnet and then create Tunnel1 on spoke A and Tunnel2 on spoke B.
What I noticed though is that even before I did any change on our routing (it is all static), about a half hour after I brought up the secondary tunnel between the hub and spoke A, both spoke A and spoke B had suddenly shifted over to Tunnel1 from Tunnel0 (which caused their connections to drop). I had configured each of the tunnels to use a different subnet (i.e. 172.16.0.0, 172.16.1.0, 172.16.2.0) and had yet to change the routing at all. They are all sharing the same crypto, so I'm am not sure if that is contributing to the problem.
Is there a step I am missing, or am I going about this the wrong way?
Get more with Firepower 6.6.1 – Cisco’s latest suggested release
The latest suggested release for Firepower delivers a Modernized UI, faster eventing, improved usability, and compatibility with the Cisco SecureX platform
In September 2020, Cisco of...
In my setup I see pending approvals under Web clients but also All Client?
In pxGrid 1.0, we have “Dynamic capabilities”. Those have to be approved too. So the difference is one for client approval and the other for capabilities approval. For ex...
I am not able to login to the ASAv device on AWS. I get the following message when I try from another EC2 (ubuntu 16.04) no matching key exchange method found. Their offer: diffie-hellman-group14-sha256 When I try from my Mac - I just get n...
Question. Our legal folks have asked if it is possible to add a footer to outbound email if it went out via TLS. So if it successfully negotiates TLS, can we add a footer that says "Sent successfully via TLS 1.2". Is this possible? ...
Segmentation Strategy - An ISE Prescriptive Guide
For an offline or printed copy of this document, simply choose ⋮ Options > Printer Friendly Page. You may then Print, Print to PDF or copy and paste to any other document ...