Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
957
Views
0
Helpful
4
Replies

dual wan, dual VTI between two offices

Go to solution
Olivier Joly
Beginner
Beginner

‎05-17-2012 07:58 AM

Hello,

We have two offices with two 1841 routers. Each office have two wan links (one ADSL with dialer, one SDSL) with fixed IP.

The adsl link is the default route with failover.

There is only one VTI working properly with the config below (the adsl one). If I remove the route "ip route 0.0.0.0 0.0.0.0 dialer 1 track 1" both VTI are working properly, however all traffic is going to SDSL witch is not the behaviour we would like to get.

Have you any suggestion to get both VTI working with default route to ADSL link ?

Thanks in advance,

Regards,

Olivier

------------------------------------------------

track 1 ip sla 1 reachability

delay down 1 up 1

!

!

crypto isakmp policy 1

encr aes

authentication pre-share

group 2

crypto isakmp key XXXXXX address 217.x.x.133 no-xauth

crypto isakmp key YYYYYY address 95.x.x.22 no-xauth

!

!

crypto ipsec transform-set esp-aes128-sha esp-aes esp-sha-hmac

!

crypto ipsec profile vti

set transform-set esp-aes128-sha

!

!

interface Tunnel0

description VTI To boussolebea

ip address 192.168.50.1 255.255.255.0

tunnel source Dialer1

tunnel mode ipsec ipv4

tunnel destination 217.x.x.133

tunnel path-mtu-discovery

tunnel protection ipsec profile vti

!

interface Tunnel1

description VTI To Boussolebea SDSL

ip address 192.168.51.1 255.255.255.0

tunnel source FastEthernet0/1

tunnel mode ipsec ipv4

tunnel destination 95.x.x.22

tunnel path-mtu-discovery

tunnel protection ipsec profile vti

!

interface FastEthernet0/0

description LAN Interface

ip address 192.168.10.254 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface FastEthernet0/1

description To SDSL

ip address 62.x.x.10 255.255.255.252

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/0/0.1 point-to-point

pvc 8/35

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Dialer1

description To ADSL

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname

ppp chap password 7

!

ip local policy route-map IspSDSL-Redirect

ip local pool PoolVpnAdsl 192.168.60.1 192.168.60.10

ip local pool PoolVpnSdsl 192.168.61.1 192.168.61.10

ip forward-protocol nd

ip http server

ip http access-class 10

ip http authentication local

ip http secure-server

!

!

ip nat inside source route-map IspADSL interface Dialer1 overload

ip nat inside source route-map IspSDSL interface FastEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 Dialer1 track 1

ip route 0.0.0.0 0.0.0.0 62.x.x.9 10

ip route 192.168.11.0 255.255.255.0 192.168.51.2

ip route 192.168.11.0 255.255.255.0 192.168.50.2 10

!

ip access-list extended Ipsec

permit tcp host 62.x.x.10 eq 500 any

ip access-list extended SSH

permit tcp host 62.x.x.10 eq 22 any

ip access-list extended SSL

permit tcp host 62.x.x.10 eq 443 any

!

ip radius source-interface FastEthernet0/0

ip sla 1

icmp-echo 193.x.x.3 source-interface Dialer1

threshold 60

timeout 1000

ip sla schedule 1 life forever start-time now

logging esm config

access-list 10 permit 192.168.10.0 0.0.0.255

access-list 10 deny   any

access-list 100 permit ip any any

dialer-list 1 protocol ip permit

!

!

!

!

route-map IspSDSL permit 1

match ip address 10

match interface FastEthernet0/1

!

route-map IspADSL permit 1

match ip address 10

match interface Dialer1

!

route-map IspSDSL-Redirect permit 10

match ip address SSL SSH

match interface FastEthernet0/1

set ip next-hop 62.x.x.9

Labels:
0 Helpful