05-13-2007 03:32 AM - edited 03-03-2019 04:57 PM
Hi,
Actually I am seeking help in configuring an automatic failover for our two separate connections in such a way that if the primary link fails the router would be able to automatically adjust and route traffic over the second link, and once the link comes up it should revert back to the primary link.
Just like we do when having an ISDN connection for backup, and when the primary link comes up it moves back.
The only problem is that here there will be no ISDN, only one leased line (primary) and the other through an Internet IPSec tunnel.
Any help would be great.
05-13-2007 03:47 AM
There are many ways. You can configure two EIGRP processes, EIGRP 100 (Primary) and EIGRP 200 (GRE IPSEC VPN Tunnel). On EIGRP 200 set the 'distance eigrp 100 180' which will make it higher than the default.
When the primary link fails, EIGRP 200 would start routing over the tunnel. Keep in mind you will have to redistribute EIGRP 100 into 200 and on the other end of the tunnel, prevent suboptimal routing.
Cheers!
05-13-2007 03:55 AM
I'm not sure, why the need for TWO separate processes? If you have control over your infrastructure, one should be enough.
Anyway, I think we need to know more exactly how the router is connected, what is on the other side of the leased lines, what is on the other side of the VPN tunnels, how the tunnels get to the router, etc.
05-13-2007 03:58 AM
You can use one or many. It all depends on the requirements and what routing protocols are used. Why do you think it's called "dynamic" routing? :o)
05-13-2007 12:55 PM
05-13-2007 01:09 PM
Design looks decent, though this takes careful planning. Remember, if you fail to plan, you plan to fail! I highly recommend getting with your network design engineer in regards.
I gave you one of many possibilities of doing failover, but I cannot continue any further as I don't know your organization's needs.
Good luck!
05-13-2007 02:07 PM
Hi, thanks for the reply,
Surely I will carefully plan it before implementing it. Just another piece of advice: I am looking into other possibilities, e.g. rtr in router IOS, like configuring it on the router which connects both the FW.
What's your opinion on it?
05-13-2007 03:39 PM
Hello,
Nice slide. Build GRE tunnels full meshing one router per site. I suggest the one inside the firewall. The GRE tunnel can be point-to-point, or multipoint; I suggest you use point-to-point for simplicity as you have few sites. If you need your data to be encrypted, make IPSec VPN to carry GRE; there is documentation on CCO on how to do this.
Then use a routing protocol, you may have one already running to carry reachability information for the LAN of your interest, both on the tunnel interfaces, and the physical WAN. It should not be necessary to adjust metrics as by default the tunnel interfaces have less.
This will provide failover for LAN-to-LAN connectivity on loss of WAN links.
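The design described in the last reply, sketched as an IOS configuration for one site. This is an added example, not a configuration posted by anyone in the thread. The interface names, the EIGRP AS number, the profile and transform-set names, the crypto parameters, all addresses (documentation ranges) and the key placeholder are assumptions.

```cisco
! Constructed example for one site router (site A). Mirror it on the peer.
! IKE phase 1 policy and peer key (placeholder, replace with a strong secret)
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
! Transport mode is sufficient because GRE already supplies the outer header
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
interface Serial0/0
 description Primary leased line (assumed interface name)
 ip address 10.254.0.1 255.255.255.252
!
interface Tunnel0
 description Backup path: point-to-point GRE carried inside IPsec
 ip address 10.255.0.1 255.255.255.252
 tunnel source 203.0.113.2
 tunnel destination 198.51.100.2
 ! Every packet entering the tunnel is encrypted; nothing leaves as clear GRE
 tunnel protection ipsec profile GRE-PROT
!
! Pin the tunnel endpoint to the Internet next hop so the peer address is
! never learned through the tunnel itself (recursive routing would flap it)
ip route 198.51.100.2 255.255.255.255 203.0.113.1
!
! One routing process covers the LAN, the leased line and the tunnel.
! The public 203.0.113.0/24 range is deliberately not in EIGRP.
router eigrp 100
 network 10.0.0.0
 no auto-summary
!
! Checks after bring-up:
!  show crypto ipsec sa       encaps/decaps counters increase for the peer
!  show ip eigrp neighbors    one neighbor on Serial0/0, one on Tunnel0
!  show ip route eigrp        remote LAN via Serial0/0 while the line is up
```

With `tunnel protection`, loss of the IPsec path is detected by the EIGRP hellos timing out on Tunnel0, and when the leased line returns its better metric puts traffic back on the primary link without manual action.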