Site to site VPN redundancy with same subnet on customer side.

Pradeep S.R.
Level 5

I have customer sites A & B connecting to Datacenters C & D, with the same LAN subnet on customer sites A & B.

Datacenters C & D will have site-to-site VPN tunnels to A & B. I have enabled RRI in the Datacenter firewalls. In essence, both datacenters will learn the same remote network and redistribute this network into the IGP, thus creating a routing conflict for all the remote sites which try to connect to the remote network.

As you know, RRI will always insert a static route irrespective of the tunnel status.

I would like the remote location to always go through the Datacenter C site-to-site VPN tunnel and use Datacenter D in case of any issues with the VPN tunnel on the "C" side.

Is there a way I can achieve VPN redundancy in this scenario? Please help me with this.

Note: the customer is not agreeing to NAT the network on their side.

3 Replies

Francesco Molino
VIP Alumni

Hi

I believe you've configured NAT for your VPN, as you have 2 remote sites with overlapping subnets.

If you use the crypto map command set peer IP1 IP2, it's gonna do what you're expecting.

This command builds a VPN with IP1 and switches over to IP2 when IP1 isn't reachable.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

The customer is not willing to NAT on their side.

OK, but then you will need to NAT on your side.

Thanks
Francesco