
VPN failover between ASA's

dwaynepeeters
Level 1

I am doing research looking for the best solution for a failover between two ASAs and was hoping someone would like to point me in the right direction.

The situation is as follows, we have got:

- 2 headquarters: each is equipped with an ASA 5505
- 10 branch offices: each is equipped with an 887 integrated services router

Each branch office needs to have a redundant VPN connection to both headquarters, and they all need to use the first one as the primary and the other one as the secondary. In case of a failure, all branch offices need to use the second VPN connection going to the second headquarters.

In my research I am looking for the best possible solution, with the quickest failover, but have no idea where to start my research.

I am hoping someone has a good answer for this one.

Thank you very much in advance,

Kind regards

Dwayne

1 Accepted Solution

Accepted Solutions

I don't understand why people keep using ASA devices for VPN termination. The ASA is NOT designed for complex VPN scenarios; it is designed for simple scenarios. In terms of a VPN comparison, the ASA is someone with an elementary education while Cisco IOS is like someone with a college degree.

For the scenario, you will be much better off using Cisco IOS routers everywhere, where you can implement GRE/IPsec or DMVPN. Either case will satisfy your requirements.


24 Replies

dwaynepeeters
Level 1

It is also worth mentioning that the VPN tunnels are both used for the routing of data traffic, and VoIP traffic.

There is a Cisco CallManager at both headquarters, and in case of failure all the phones need to fail over to the other CallManager.

thanks


Rudy Sanjoko
Level 4

Make sure that both ASAs meet the failover system requirements. To configure failover between the ASAs, please refer to the following document:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wpxref45766

For the VPN connection between the branch and the HQ, it is best to configure the ASA to accept dynamic IPsec connections from the branch router. See the following link for configuration:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

Hope the above docs can give you the big picture for your setup. As David has said, DMVPN will fit you best in this scenario; the only problem is that the ASA doesn't support it.

Hi, thank you both very much for your replies.

I have been looking briefly at DMVPN as you suggested and it looks to be exactly what I need.

The reason why I would like to use ASAs in my network is because the company already has them in operation.

Right now the network uses keepalives at the router in the branch office. The router is sending keepalives to the primary VPN tunnel at an interval of 10 seconds.

The problem with this is that in case of a failure, it takes 30 seconds up to a full minute until the router at the branch office has failed over and starts using the secondary VPN tunnel.

Because we're using VoIP on our network and the CallManagers are at the HQs, this is unacceptable.

Do you think that using DMVPN in this scenario is going to reduce the failover time?

And are there other techniques I need to use in this scenario, like EIGRP/OSPF or something like that?

Kind regards and again thank you for your help.

Dwayne

That's a good question. I've never tested the failover time with DMVPN myself, and I don't have the resources to simulate your network in my lab. But I assume it will be faster: if you are using EIGRP, for example, the hello timer period by default is 5 secs, which is faster than using keepalives on the router with a 10 sec interval. (Don't count on this one, because I have no hard proof to show you.)

Regarding the techniques, you will need to learn how to play around with NHRP and NHS. For the routing protocol, you can use either EIGRP or OSPF as you've mentioned.

There is no failover, if you think about it.

With EIGRP or OSPF, everything is already there. The routes are already established. In other words, the VPN tunnel never goes down because of the redundant ISP, and the routing is already in place. Your traffic just uses a different path, that's all.

It makes sense. It depends on the priority as to which path the traffic will use, but it doesn't mean the other network is not working, correct? Thanks for pointing that out for me, I didn't think of it that way. 5 from me for that!

Again, thanks for the reply.

I'm going to reconstruct our network in GNS3 and am going to do some failover tests, with the keepalives set and with the DMVPN solution. I am going to use EIGRP as the routing protocol, because I think it is faster and speed is what I'm after. Also, EIGRP seems to be better suited for our network.

I will let you know about the results when I'm finished testing, but first I need to dive a bit deeper into the world of DMVPNs.

There are many DMVPN templates out there that you can use. You can have DMVPN up and running in less than 20 minutes.

David, do you perhaps have such a template with two hub sites and two or three spokes? (If you don't mind me asking.)

I'm kinda new to the whole concept.

Okay, I have spent some time trying to reconstruct our situation in GNS3, but then with DMVPN.

Our network looks like this:

Right now I have configured both the physical and logical tunnel interfaces:

HQ1:
- Fa1/0: 1.1.1.1 /24
- Tun1: 192.168.1.1 /24

BR1:
- Fa1/0: 3.3.3.3 /24
- Tun1: 192.168.1.3 /24

ISP:
- F1/0: 3.3.3.4 /24
- F1/1: 1.1.1.2 /24

But BR1 and HQ1 are not forming a neighbor relationship because they don't know how to get to one another.

I have advertised all the networks into EIGRP, but I have not configured EIGRP on the ISP router, because that is not realistic.

I guess I need to configure BR1 with a default route, but with what interface? The tunnel or the physical interface?

Hi Dwayne,

Static routes to your ISP using the physical interface (as is the case in most small business setups).

Note: before you do any DMVPN, be sure you have access between the members and the HQ.

Plz rate if this helps.

Regards,

MKDCCIE
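The following dual-hub DMVPN template is an added example, not configuration posted by anyone in this thread. It answers the earlier request for a two-hub template and the default-route question above in one place, and it applies the EIGRP timer idea from the failover discussion. It reuses the addresses from the GNS3 lab (HQ1 WAN 1.1.1.1/24, BR1 WAN 3.3.3.3/24, ISP next hops 1.1.1.2 and 3.3.3.4, tunnel subnet 192.168.1.0/24). Everything else is assumed: a second hub HQ2 at 2.2.2.2 with tunnel address 192.168.1.2, LAN prefixes 10.1.0.0/16 (HQ1) and 10.3.0.0/16 (BR1), EIGRP AS 1, placeholder keys `CHANGEME`, an IOS release that accepts `hash sha256` in the ISAKMP policy (use `hash sha` on older images), and IOS routers at both HQs, since the thread notes the ASA cannot run DMVPN.

```cisco
! Added example (not from the thread). Thread addresses: HQ1 WAN 1.1.1.1/24,
! BR1 WAN 3.3.3.3/24, ISP next hops 1.1.1.2 / 3.3.3.4, tunnel 192.168.1.0/24.
! Assumed: HQ2 WAN 2.2.2.2 / tunnel 192.168.1.2, LANs 10.1.0.0/16 (HQ1) and
! 10.3.0.0/16 (BR1), EIGRP AS 1, placeholder keys CHANGEME.
!
! ---- Crypto configuration: identical on every router ----
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Wildcard pre-shared key: any peer holding the key can build a tunnel. Fine
! for a lab; per-peer keys or certificates are preferable in production.
crypto isakmp key CHANGEME-PSK address 0.0.0.0 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! ---- HQ1 (hub) ----
interface FastEthernet1/0
 ip address 1.1.1.1 255.255.255.0
interface Tunnel1
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication CHANGEME
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 300
 ! The hub must re-advertise spoke routes to the other spokes
 no ip split-horizon eigrp 1
 no ip next-hop-self eigrp 1
 ! 1 s hello / 3 s hold: a dead neighbour is declared in about 3 s instead of
 ! the 5 s / 15 s defaults; use the same timers on every tunnel in the cloud.
 ip hello-interval eigrp 1 1
 ip hold-time eigrp 1 3
 tunnel source FastEthernet1/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
router eigrp 1
 network 192.168.1.0 0.0.0.255
 network 10.1.0.0 0.0.255.255
! Default route via the physical (ISP-facing) interface, never via the tunnel
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
! ---- HQ2 (second hub): same as HQ1 with its own addresses, plus ----
router eigrp 1
 ! Make everything HQ2 advertises less attractive than HQ1's copy, so spokes
 ! prefer HQ1 while it is alive (offset value is an assumption; tune to taste)
 offset-list 0 out 2560000 Tunnel1
!
! ---- BR1 (spoke) ----
interface FastEthernet1/0
 ip address 3.3.3.3 255.255.255.0
interface Tunnel1
 ip address 192.168.1.3 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication CHANGEME
 ip nhrp network-id 1
 ip nhrp holdtime 300
 ! Static NHRP mappings and next-hop-server entries for both hubs
 ip nhrp map 192.168.1.1 1.1.1.1
 ip nhrp map multicast 1.1.1.1
 ip nhrp nhs 192.168.1.1
 ip nhrp map 192.168.1.2 2.2.2.2
 ip nhrp map multicast 2.2.2.2
 ip nhrp nhs 192.168.1.2
 ip hello-interval eigrp 1 1
 ip hold-time eigrp 1 3
 tunnel source FastEthernet1/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile DMVPN-PROF
router eigrp 1
 network 192.168.1.0 0.0.0.255
 network 10.3.0.0 0.0.255.255
! The default-route question: point it at the ISP out FastEthernet1/0, so the
! hub WAN addresses are reachable before NHRP and EIGRP ever come up
ip route 0.0.0.0 0.0.0.0 3.3.3.4
```

With both hubs in one mGRE cloud the spoke keeps EIGRP adjacencies to HQ1 and HQ2 at the same time, which is what the "there is no failover" remark above means in practice: when HQ1 stops answering hellos, the spoke's hold timer expires after about 3 seconds and the routes it already holds via HQ2 take over, with no tunnel to rebuild. `show dmvpn`, `show ip nhrp`, `show ip eigrp neighbors` and `show crypto session` are the commands to confirm, in that order, that the NHRP registrations, the neighbour relationships and the IPsec SAs are all up before testing a failover.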

How do you mean "access between the members and the HQ"?

I mean connectivity.