Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
881
Views
0
Helpful
1
Replies

Unstable IPSEC VPN connection

chloi
Level 1
Level 1

‎04-23-2006 08:17 AM - edited ‎02-21-2020 02:22 PM

R1---T0----R2

---T1----

R1 have 2 public Interface.

R2 has 1 Public Interface.

DMVPN being setup between the two router

2 Tunnel being configure for the DMVPN.

IPSEC connection from R2 to R1 via Tunnel0 are stable and stay connect.

IPSEC connection from R2 to R1 via Tunnel1 are unstable and always disconnect after a few second the IPSEC being associated.

Question:

1)Can this setup work?

2) If i want to acheive VPN failover(provided the HQ Router(R1) has 2 Public interface, Branch Router(R2) has only 1 Public), Do I have other method?

thanks

Labels:
0 Helpful
1 Reply 1

Not applicable

‎04-28-2006 07:32 AM

Each spoke has a permanent IPSec tunnel to the hub, not to the other spokes within the network. Each spoke registers as clients of the NHRP server.

When a spoke needs to send a packet to a destination (private) subnet on another spoke, it queries the NHRP server for the real (outside) address of the destination (target) spoke.

After the originating spoke "learns" the peer address of the target spoke, it can initiate a dynamic IPSec tunnel to the target spoke.

The spoke-to-spoke tunnel is built over the multipoint GRE interface.

The spoke-to-spoke links are established on demand whenever there is traffic between the spokes. Thereafter, packets can bypass the hub and use the spoke-to-spoke tunnel.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

0 Helpful
Customers Also Viewed These Support Documents