Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
905
Views
5
Helpful
1
Replies

Redundancy in site to site VPN

ahmed.abdraboh
Level 1
Level 1

‎07-03-2011 03:28 AM

Dear all,

I have a HQ with two branches, the HQ contains one 3900 ISR router with two WAN connections, the two branche sites each one contains one 2900 ISR wth two WAN connections for each router.

i need to establish a site to site vpn with GRE between the HQ and the two branches, so  is it possible to

1-for HQ: i need to configure site to site VPN to the branches using the both WAN connections on the HQ Router like if one site to site vpn is down the other one will be on and works as High Availabilty.

2- same for the branch offices i want use both wan connections with HA in site to site vpn to the HQ.

3-using GRE for routing after configuring IPSEC VPN.

Labels:
0 Helpful
1 Reply 1

david.tran
Level 4
Level 4

‎07-03-2011 05:52 AM

Easy solution with GRE and IPSec.

- create a GRE with the loopback as tunnel source and the remote end as loopback destination,

- create IPSec on the loopback interface that you use as GRE tunnel source,

- create standard reguar IPSec and use the command "crypto map local-address lo0"

- apply crypto map to both the loopback and physical interface,

Now you have redundant IPSec VPN on both link.  If you're equal cost on both WAN link and use eigrp or OSPF or eBGP, both link will be used as well, like load-sharing

Customers Also Viewed These Support Documents