Question on how to tackle this VPN setup

jack.leung
Level 1

I have Site A whose VPN router has two VPN tunnels built to two sites. To Site B it connects to a VPN Concentrator with a site-to-site IPsec tunnel (doing reverse-route injection), and to Site C it connects using a GRE tunnel and runs EIGRP over it. Both B and C can talk to each other through, say, over WAN. I want Site A to be able to route to Site B via Site C in case the concentrator fails in B. The problem I'm running into is that the site-to-site tunnel will never attempt to build because it is already aware of Site B via EIGRP with Site C. Is there a way to force the tunnel to build? Once it is built because of the static route it will prefer it over EIGRP but the problem is getting the tunnel to come up in the first place. Obviously if I prevent EIGRP from happening the tunnel will come up but I can't do that every time the router reboots or something.

Site A ===== GRE Tunnel, running EIGRP ===== Site C
  =
  =
  =  site-to-site
  =
  =
Site B

4 Replies

Hi,

SiteA - SiteB = IPsec tunnel
SiteA - SiteC = GRE tunnel

In order to allow communication between SiteA and SiteC through SiteB:
There must be a site-to-site that should be established between SiteA
and SiteC and between Site C and Site B. (to take over when SiteA-SiteB fails).
Do you want to enable a Site-to-Site between A-C/C-B?

Federico.

Let's say Site C and B exchange routing information via BGP over MPLS but Site A is not part of MPLS and I don't want to establish another site-to-site from A to C as there is a GRE tunnel already between the two. Is there any other way?

BUMP

So if I understand correctly, the question can be reduced to "how can I make sure the L2L between A and B comes up (and stays up) automatically, even when the routes to the B network are pointing to C"?

Here's an idea: find (or allocate) an IP address at site B that is not used for regular traffic.

On A, configure a static route to that single IP, going over the tunnel to B.

Then configure something that sends traffic to that IP address at regular intervals. E.g. NTP, IP SLA, ...

hth

Herbert
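
The approach suggested in the last reply, sketched as a configuration for the Site A router. This is an added example, not configuration posted by anyone in the thread. It assumes the Site A router runs Cisco IOS with the crypto map applied to its WAN interface; every address, the ACL name and the SLA number are constructed placeholders.

```cisco
! Constructed placeholders (not from the thread):
!   192.0.2.10    spare IP at Site B, reserved for keepalive traffic only
!   198.51.100.1  Site A WAN next hop (the interface carrying the crypto map)
!   10.1.1.1      Site A inside address used as the probe source
!
! 1. Host route: the /32 is more specific than the EIGRP-learned Site B
!    prefixes, so only this one address is forced out the WAN interface
!    and through the crypto map instead of over the GRE tunnel.
ip route 192.0.2.10 255.255.255.255 198.51.100.1
!
! 2. The crypto ACL used for the Site B peer must match the probe traffic.
!    VPN-TO-SITE-B is a hypothetical name; use the ACL the existing crypto
!    map references. If that ACL already permits the inside subnet to the
!    Site B subnet containing the spare IP, no new entry is needed.
!    A new entry has to be acceptable to the Site B concentrator as well,
!    otherwise phase 2 negotiation for it will be rejected.
ip access-list extended VPN-TO-SITE-B
 permit ip host 10.1.1.1 host 192.0.2.10
!
! 3. IP SLA probe: one ICMP echo every 30 seconds, scheduled to start
!    immediately and run forever (and again after every reload, since it
!    is part of the saved configuration). Each probe is interesting
!    traffic, so IKE negotiation is triggered whenever the tunnel is down.
ip sla 10
 icmp-echo 192.0.2.10 source-ip 10.1.1.1
 frequency 30
ip sla schedule 10 life forever start-time now
```

`show crypto isakmp sa` and `show ip sla statistics 10` on the Site A router confirm that the tunnel negotiates and that the probe is getting replies.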