06-18-2006 05:20 PM - edited 02-21-2020 02:28 PM
Hi all
I have a 10x857 connecting to 2821 with IPSEC.
I also have an 1801 for general internet connection and would like to provide redundant VPN to it from the 857?s.
The best solution I believe is DMVPN but the 857 doesn't support it.
Any ideas for alternative configuration to provide VPN redundancy for the 857?s?
Regards
06-19-2006 12:17 AM
You can look at DPD + RRI or DPD + HSRP between the 2800 and 1800 at the hub for redundancy.This will give u VPN redundancy.
07-21-2006 08:23 AM
I haven't used an 1801 or 857's, but if they support GRE/IPSec tunnels you can do that. On the brach routers, terminate a GRE/IPSec tunnel to both routers at head office. That allows you to run a routing protocol between them.
I run OSPF across all my VPN tunnels. Primary VPN routers goes down, then the other link converges via OSPF pretty quickly.
I have some config if it would help.
08-01-2006 12:09 AM
Hi Nikolay,
I agree with Mark Anthony, as the best way to achieve redundancy at the Head End is to change from IPSec Direct Encapuslation (as I assume you are using) to Peer-to-Peer GRE in IPSec Tunnels which makes the Routing Protocol deployment easy over VPNs.
Then make sure that your branch offices have 2 simultaneous connections to the Head End i.e. 1801 and 2821 (both should have VPN Accelerator cards).
Then run the EIGRP (You could use OSPF as well) and thats it!!!
You have achieved automatic failover mechanism for the IPSec VPNs.
Regards,
Wilso Samuel
08-01-2006 02:40 AM
If you don't want to use a dynamic routing protocol to switch between the VPN Connections, it is also possible by using floating static routes; since you have two GRE tunnels (one to the 2800 and one to the 1800) up, it is possible to create two static routes (one with cost 100 and one with cost 150).
I had to use this solution once where I had to enable fallback via ISDN and OSPF kept the ISDN line up because of keepalive packets (and all branch offices learns about the complete network topology which is in some occasions not desirable).
Regards
Pieter-Jan Nefkens
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide