Solved: Re: dual site to site VPN

Bart Kersten · ‎11-29-2012

Hi,

We have a customer who has 2 sites, at both sites the have 2 internet connections for redundancy. In the new situation we will install 2 800 series routers. On both sites we will run HSRP for rundundancy.

Now the qeustoin is, i want to run 2 different IPsec tunnels between the sites. So if 1 fails the other is goin to take over. So bassicly i will terminate between r1 at site 1 and r1 at site 2, and a tunnel between r2 at site 1 and r2 at site 2.

I want the tunnel between r1 and r1 to be the main tunnel, and the tunnel between r2 and r2 to be the backup.

What is the best way to achieve this? I could think of a fee things myself, but i really would appreciate some advice from the experts! :D

Thanks in advance

Sent from Cisco Technical Support iPhone App

ptrynisz · ‎11-29-2012

Hi Bart,

I would suggest to build full mesh of VTIs between the routers. Two VTIs from each router connecting to both routers on the other side. Inside VTIs and local networks you run dynamic protocol e.g. EIGRP - you will be able to control tunnels preference based on bandwidth/delay you will set.

Such solution will allow you to have communication between sites even if Internet link on Site A router1 and Site B router 2 go down. In the option you mention this would not be possilble.

Attaching helpful articles:

VTIs -

http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629_ps6635_Products_White_Paper.html

EIGRP -

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/configuration/12-4t/Configuring_EIGRP.html

I hope that helps.

regards,

Pawel

View solution in original post

ptrynisz · ‎11-29-2012