Configure Redundant Tunnel

Unanswered Question
Jul 18th, 2009
User Badges:

Hi,


Can some one plz help regarding configuration of redundant Ipsec Tunnel over EIGRP. Currently all remote sites are connected with ipsec tunnel. How can i connect all remote sites auto with DR after down of DC(Priamry Tunnel).


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Todd Pula Mon, 07/20/2009 - 06:04
User Badges:
  • Silver, 250 points or more

Can you give more details regarding your environment? What types of devices are terminating your IPSec tunnels? Are the DC and DR locations separate? You have a few options that you can use. One would be a GRE over IPSec solution in which you will pin up two static IPSec tunnels, one to the DC and one to the DR. You will then overlay a GRE tunnel to each site over which you will run EIGRP. You can then influence path selection by modifying the EIGRP metric over the secondary path. Another potential solution would be DMVPN.

iqbal-zeeshan Mon, 07/20/2009 - 10:46
User Badges:

Hi,


Thanks for your reply,


My DC and DR are on seperate locations connected with 35 Branches. All are Cisco Devices with series of 2800 and 3800 series.

I have configured DMVPN and trying to encrypt the Tunnel via IPSEC, issue is that traffic is not going to that tunnel. It usually going via WAN interface beacuse the EIGRP route update via WAN interface.. How can i divert all traffic via this Tunnel with DC and Redundant to DR.

Do you have any sample configuration of Redundant Tunnel over IPSEC with EIGRP.


Regards

Zeeshan

Todd Pula Thu, 07/23/2009 - 09:52
User Badges:
  • Silver, 250 points or more

I still don't have enough details about your setup to say for sure but it sounds like you need to modify the metrics in your IGP in order to influence path selection. If the primary WAN is available and you have an EIGRP adjacency via this link, then you will want this to be the lowest cost path in EIGRP. If the primary fails, then the DMVPN tunnel to the DC would be next followed by the tunnel to the DR. You can also look into route summarization in order to influence path selection based on prefix length.

Actions

This Discussion