
Tunnel Interface has backup of a FR link

adminedensa
Level 1

Hi all.

I've 2 sites connected with a Frame Relay link. On each site I've c2610 routers running the ip eigrp routing protocol.

On the HQ site I also have an ASA5500 that acts as the endpoint of the IPsec VPN to other branches, including the one I'm talking about.

In this branch site I've installed an ADSL router (not Cisco) that creates an IPsec VPN link with the ASA as a backup of the FR link. The way I do it is with a static route in the branch office with a distance of 200.

I'm looking for a solution where I can share traffic between the FR link and the VPN. It seems that the answer to my question is to create a GRE tunnel between the 2 routers and into the IPsec VPN in order to carry IP routing traffic by a second path. Is this correct? What are the IP addressing considerations if my branch LAN IP address is 10.110.32.0/24, my HQ is 10.10.0.0/16 and the FR link is 10.210.32.0/30? Can you suggest an addressing solution without configuring a loopback interface?

Thanks.

Juan Cruz.

5 Replies

Edison Ortiz
Hall of Fame

It seems that the answer to my question is to create a GRE tunnel between the 2 routers and into the IPsec VPN in order to carry IP routing traffic by a second path. Is this correct?

Correct. In order to carry the EIGRP protocol over an IPSec tunnel you need GRE.

What are the IP addressing considerations if my branch LAN IP address is 10.110.32.0/24, my HQ is 10.10.0.0/16 and the FR link is 10.210.32.0/30? Can you suggest an addressing solution without configuring a loopback interface?

Ok, you lost me here. Once you configure the GRE in the IPSec link, the HQ will see two routes from the branch office. The load-balance will depend on the metrics of the routes being advertised. You can play around the EIGRP metrics to make this work or you can look into the variance command under EIGRP.

I'm not sure about a loopback interface for this task. What's the purpose for the loopback?

__

Edison.
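The reply above says that load sharing depends on the EIGRP metrics of the two routes and points to the variance command. The following is an added example, not part of the original thread: it computes the classic EIGRP composite metric (default K values) for a Frame Relay path and a GRE tunnel path and works out the smallest variance that would install both. The bandwidth and delay figures and the function names are constructed assumptions.

```python
# Added illustration. Bandwidth/delay figures below are constructed,
# not taken from the thread.

def eigrp_metric(min_bw_kbps, total_delay_usec):
    """Classic EIGRP composite metric with default K values (K1=K3=1)."""
    return 256 * (10**7 // min_bw_kbps + total_delay_usec // 10)

def required_variance(paths):
    """paths: name -> (metric via that neighbor, neighbor's reported distance).

    Returns name -> smallest integer variance that installs the path,
    or None if no variance can (infeasible, or above the 1-128 range).
    """
    best = min(metric for metric, _ in paths.values())
    needed = {}
    for name, (metric, reported) in paths.items():
        if reported >= best:
            needed[name] = None          # fails the feasibility condition
        elif metric == best:
            needed[name] = 1             # successor or equal-cost path
        else:
            v = metric // best + 1       # metric must be < v * best
            needed[name] = v if v <= 128 else None
    return needed

def sample_paths():
    """HQ router's two paths to the branch LAN (constructed values)."""
    lan_bw, lan_delay = 10_000, 1_000    # branch Ethernet: kbps, usec
    reported = eigrp_metric(lan_bw, lan_delay)   # what the branch advertises
    fr = eigrp_metric(min(512, lan_bw), 20_000 + lan_delay)   # FR PVC
    gre = eigrp_metric(min(256, lan_bw), 50_000 + lan_delay)  # tunnel
    return {"frame-relay": (fr, reported), "gre-tunnel": (gre, reported)}

if __name__ == "__main__":
    paths = sample_paths()
    for name, v in required_variance(paths).items():
        print(f"{name}: metric={paths[name][0]} variance needed={v}")
```

With these constructed figures the tunnel path is about twice the cost of the Frame Relay path, so it is only installed with a variance of 3; a path whose reported distance is not below the best metric is never installed, whatever the variance.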

Hi, Edison.

In some GRE over IPsec design guides Cisco configures loopback interfaces. They use them for tunnel termination. This interface is not in the routing process. I don't know why.

I'll work on the variance command.

Thanks a lot.

Juan Cruz

In some GRE over IPsec design guides Cisco configures loopback interfaces.

Can you provide a link where you saw this?

They use them for tunnel termination.

Tunnel terminates in tunnel interfaces, not loopback interfaces.

This interface is not in the routing process. I don't know why.

Correct, tunnel interface IP addresses do not participate in the routing process and are often given a point-to-point subnet (/30). You don't want tunnel interfaces to participate in the routing process since you want to avoid recursive routing - in other words, advertising the tunnel interface via the tunnel.

HTH,

__

Edison.

Here is the link:

www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008073a0c5.pdf

I guess they use loopback interfaces because they don't go down. I think this is important because they can have the tunnel up in case other interfaces go down. Am I right?

Is there any white paper on recursive routing you can suggest?

Thanks again.

JCG.-

A design with a loopback as the source and destination under the tunnel interface can be used when having multiple connections between the sites. Sourcing from the loopback instead of the physical egress interface allows you to 'failover' in case one of the physical egress interfaces goes down.

With that said, if you have a point-to-point WAN link, sourcing the tunnel from the egress IP address with destination being the remote router's WAN link is the most common configuration.

You don't need additional static routes on either router for loopback reachability, nor do you need to waste a subnet on loopbacks.

As for recursive routing, please see:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094690.shtml

HTH,

__

Edison.
