VPN Cisco 2821 HQ and Cisco 1841 Branch for failover (2 wan interface)

Answered Question
Nov 24th, 2009
User Badges:

Dear All Expert,


I would like to ask you some question about failover for HQ to Branches by VPN connection.

At HQ site i had Cisco router 2821 with Hwic-4ESW and At the Branch site i had Cisco Router 1841 with Hwic-4ESW.

From HQ to Branch we have 2 Wan link (2 ISP, one for Primary link and other one for Bakcup link), when the Primary link donw, the Back up link will be up aotomatically. I would like to ask you about configuration from HQ to Branch by VPN connecion ( primary and Back up link) how can i configure?


Best Regards,

Rechard_HK

Correct Answer by tetong about 7 years 5 months ago

Hi Rechard_hk,


Glad that command helping you.

1. Yes, the command must apply to both HQ and Branch. Else your Branch will have return route issue.

2. You can ignore GRE setup. This setup is for complex branch office network, after viewing your network diagram floating static route is the best resolution suit to your network environment.

Regards,

Tan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
tetong Tue, 11/24/2009 - 00:08
User Badges:

Hi Rechard_HK,


Do you have any firewall in between?


Regards,

Tan

rechard_hk Tue, 11/24/2009 - 00:13
User Badges:

Dear Tan,


No, don't have any firewall.

But At HQ i have core-swith 3560 for intervlan and Cisco Router 2821 connect to Core-swith 3560.


Thanks you for your question!!!


Best Regards,

Norung

rechard_hk Tue, 11/24/2009 - 01:32
User Badges:

Dear Tan,


i'm not clear about GRE tunnel that you show me, could you let me know detail than this?


i'm not clear that i have 2 ISP, so how can i create tunnel GRE( how many GRE that i create  at HQ and Branch because i have two ISP link)?

On your link that you send to me which point that it fail over?

Thanks you for your support!!!


Best Regards,

Rechard_HK

tetong Tue, 11/24/2009 - 08:20
User Badges:

Hi Rechard_HK,


Do you have a network diagram? then i can propose the better solution.


Regards,

Tan

rechard_hk Wed, 11/25/2009 - 02:19
User Badges:

pic01.jpgDear Tan,


Please see in the attach file.


Best Regards,

Rechard_hk

rechard_hk Wed, 11/25/2009 - 20:39
User Badges:

Dear Tan,


Do you have update?


Best Regards,

Rechard_HK

tetong Thu, 11/26/2009 - 00:13
User Badges:

Hi Rechard_HK,


The answer to your question is floating static route. You can configure two static routes, one pointing to the first leased line and the other pointing to the second leased line. Suppose these lines are connected to F0/0 and serial F0/0/0 interfaces. Then your static routes would look like
Ip route 0.0.0.0 0.0.0.0 F0/0
Ip route 0.0.0.0 0.0.0.0 F0/0/0


This will load balance the traffic between the two lines. If you don't want load balancing, and want second line purely as backup, then your configuration would look like –

Ip route 0.0.0.0 0.0.0.0 F0/0
Ip route 0.0.0.0 0.0.0.0 F0/0/0 150


The 150 command in the second route here tells the router that the administrative distance for the second route is 150 (for normal static route it is 1). So the second route has a less preference than the first route, and should only be used when the first route fails.


Regards,

Tan

rechard_hk Thu, 11/26/2009 - 00:49
User Badges:

Dear Tan,


Very thanks you for you help me!!!


i got command that you give me, so i would like to ask you some question that:

1- Do i need add two comand stastic route at HQ and Branch or just add two stastic router only HQ?

2- when i used stastic router, we don't need to use GRE that you show me last time?


Best Regards,

Rechard_hk

Correct Answer
tetong Thu, 11/26/2009 - 01:08
User Badges:

Hi Rechard_hk,


Glad that command helping you.

1. Yes, the command must apply to both HQ and Branch. Else your Branch will have return route issue.

2. You can ignore GRE setup. This setup is for complex branch office network, after viewing your network diagram floating static route is the best resolution suit to your network environment.

Regards,

Tan

rechard_hk Sun, 11/29/2009 - 17:59
User Badges:

Dear Tan,


Thank you again for your time and fully support!!!


In the future, if i have any problem or i have some quetion want to ask you , so How can i ask you?


Best Regards,

rechard_hk

Actions

This Discussion