failover routing

Unanswered Question
Feb 18th, 2009

got a client running a point to point T1 circuit between two offices on cisco routers. They also have a VPN tunnel between the same two locations running on watchguard firewalls. They want to setup failover in the event the point to point circuit goes down the two offices will communicate using the VPN tunnel.

I have the following config in the router. I can get the tunnel on the router to come up but when I bring down the point to point the tunnel doesn't failover to the VPN tunnel.

SITE1

e0 inside 10.10.1.1/16

s0/0/0 ptp 192.168.1.1/30

Loopback0 192.168.11.1/32

Tunnel0

Source Loopback0 Destination 10.26.1.3

EIGRP 1068 10.10.0.0 Dist-list 90 out Tunnel0

IP Access-list 90 permit 10.10.0.0 0.0.255.255

IP route 10.20.0.0/16 192.168.11.2 180

Watchguard LAN IP 10.10.1.2

SITE2

E0 10.20.1.1/16

S/0/0/0 192.168.1.2/30

Loopback0 10.26.1.3/32

Tunnel0 192.168.11.2/30

source Loopback0 destin 10.16.1.3

EIGRP 1068 10.20.0.0 Dist List 90 out Tunnel0

IP access-list 90 permit 10.20.0.0 0.0.255.255

IP Route 10.10.0.0/16 192.168.11.1 180

watchguard LAN IP 10.20.1.2





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Thu, 02/19/2009 - 14:42

Hello Jason,

I would suggest to post a filtered version of the configuration of your routers including your config of the VPN tunnel.


Do you mean you have GRE inside IPSec or the VPN tunnel is only the GRE tunnel ?


And are the watchguard configured to allow GRe packets between that specific ip addresses ?


Hope to help

Giuseppe


Actions

This Discussion