How to redundant VPN

joe.groess
Level 1

I have two sites with 2921 IPSec Routers. Each router has 3 ethernet interfaces. One LAN, one Internet, and one Ethernet based private circuit.

I need to do site to site VPN between these routers, over the private circuit. However, that circuit fails on rare occasion, so I want to have a failover VPN to go over the Internet as a backup.

It doesn't matter to me if it's primary / secondary failover or if it's load balanced with failover. What is critical is if one circuit fails, my remote site continues to communicate with the main office.

HSRP looks like I need two routers and the HSRP protocol monitors multiple LAN interfaces, and I only have the one.

I've opened a case with TAC, but it's been a week without any progress.

Surely this isn't that difficult to do.

18 Replies

Thank you so much for your help. I am so relieved to see this working in my lab, I finally feel like I'll be able to implement this.

Joe,

It has been a good learning opportunity.

I'm glad to know it's now working in your lab.

Good luck with your deployment.

Regards,

Olivier,

Tunnel IPs usually are totally different, and people just use a /30 for the tunnel IP, for instance:

Router1

interface fa0/0 (WAN)

ip address 1.1.1.1 255.255.255.248

!

interface fa0/1 (LAN)

ip address 192.168.1.1 255.255.255.0

!

interface tunnel0

ip address 10.10.10.1 255.255.255.252

tunnel source fa0/0 (This is your WAN interface)

tunnel destination 2.2.2.2 (This is Router2's WAN IP)

Router2

interface fa0/0 (WAN)

ip address 2.2.2.2 255.255.255.248

!

interface fa0/1 (LAN)

ip address 192.168.2.1 255.255.255.0

!

interface tunnel0

ip address 10.10.10.2 255.255.255.252

tunnel source fa0/0 (This is Router 2's WAN interface)

tunnel destination 1.1.1.1 (This is Router1's WAN IP)

Now this is just a very basic high-level overview for an example. I'd also suggest making this more secure by using tunnel mode ipsec ipv4 and creating an IPSec profile.
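Added example, not part of the original thread or any poster's configuration: the Router1 tunnel from the post above protected with an IPsec profile, extended beyond the post to a second tunnel over the private circuit with a floating static route so traffic falls back to the Internet tunnel. The private-circuit interface and its 172.16.0.0/30 addressing, Tunnel1 and 10.10.11.0/30, the object names and the key placeholder are assumptions.

```cisco
! Router1 only; mirror the addresses on Router2.
! Assumed (not from the thread): private-circuit interface Gi0/2 and its
! 172.16.0.0/30 addressing, Tunnel1 with 10.10.11.0/30, object names, key placeholder.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! One pre-shared key entry per peer address (Internet peer, private-circuit peer)
crypto isakmp key REPLACE_WITH_SHARED_SECRET address 2.2.2.2
crypto isakmp key REPLACE_WITH_SHARED_SECRET address 172.16.0.2
! Periodic dead peer detection: when the peer stops answering, the SA is
! torn down, the VTI goes down and its static route leaves the routing table
crypto isakmp keepalive 10 3 periodic
!
crypto ipsec transform-set TS-VTI esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile VTI-PROFILE
 set transform-set TS-VTI
!
interface GigabitEthernet0/2
 description Private circuit (assumed interface and addressing)
 ip address 172.16.0.1 255.255.255.252
!
interface Tunnel0
 description Backup VPN over the Internet
 ip address 10.10.10.1 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 2.2.2.2
 tunnel protection ipsec profile VTI-PROFILE
!
interface Tunnel1
 description Primary VPN over the private circuit
 ip address 10.10.11.1 255.255.255.252
 tunnel source GigabitEthernet0/2
 tunnel mode ipsec ipv4
 tunnel destination 172.16.0.2
 tunnel protection ipsec profile VTI-PROFILE
!
! Primary route via Tunnel1; floating static (distance 250) via Tunnel0
ip route 192.168.2.0 255.255.255.0 Tunnel1
ip route 192.168.2.0 255.255.255.0 Tunnel0 250
```

After applying the mirrored configuration on Router2, `show crypto ipsec sa` and `show ip route 192.168.2.0` confirm which tunnel is carrying traffic when the private circuit is shut down in the lab.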

Thanks Cassius -

I think I'm starting to understand this.