OSPF with Multiple IPSEC Tunnels and redundant routers.

Mar 5th, 2010
I have an issue in our environment at the moment with our OSPF setup.

We have 2 edge routers with GRE over IPSec tunnels out to several remote sites. These routers are connected via our core router.

Each of the remote sites has 2 tunnels configured, 1 to each of the edge routers.

I've noticed an issue where, when the tunnel connection fails on one of the routers, OSPF does not reroute via the other router.

What appears to happen is that Router A learns that the remote network is adjacent to one of its local subnets (the tunnel interface) and therefore advertises that it can reach the subnet. This prevents routing from working. From Edge router B you can access the remote network but from the Core the advertised route from Router A takes precedence.

The tunnels and remote site are in a different OSPF area from the core.

The only way to resolve this is to shutdown the relevant Tunnel interface on router A then everything starts to work again.

If anyone has any ideas I'd love to hear them.

Thanks and regards


Richard Burts Sat, 03/06/2010 - 11:14

I have read your description and looked at your diagram and am still not sure what is going on. When you describe that the tunnels and remote site are in a different OSPF area than the core it makes me wonder whether the edge routers are doing any kind of summarization of routes to the core?

Perhaps if you could post relevant parts of the edge router configs and the core config we might be able to supply better answers.



Leo Laohoo Sun, 03/07/2010 - 04:34

I've implemented a lot of this and I've never seen this behaviour before. Can you post your config, as Rick mentioned? What IOS and feature set are you using?

Bruce_Arnott_NH Fri, 03/12/2010 - 14:07
Turns out the solution was pretty simple. Keepalives were not set on the tunnel interfaces so they would stay up even when unable to connect.

Turning on keepalives means the router with the disconnected tunnel does not try to route through its local network to the adjacent network.

Thanks for the replies though.
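
The fix described in the last post, shown as an added IOS configuration example that is not taken from the thread. The interface number, addresses and timer values are constructed placeholders, and the same change would be needed on each GRE tunnel on both edge routers.

```cisco
! Constructed example: Tunnel10, all addresses and the 10/3 timers are placeholders.
!
! Before: no keepalive. The tunnel line protocol stays up/up for as long as
! the router has a route to the tunnel destination, even when the far end is
! unreachable through the tunnel. The tunnel subnet stays "connected", so the
! edge router keeps advertising reachability through it.
interface Tunnel10
 description GRE to remote site (constructed example)
 ip address 10.255.10.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.10
!
! After: send a GRE keepalive every 10 seconds and take the line protocol
! down after 3 consecutive misses. Once the interface is down, the connected
! route is withdrawn and traffic can follow the path via the other edge router.
interface Tunnel10
 keepalive 10 3
!
! Checks after simulating a tunnel failure:
!   show interfaces Tunnel10     (line protocol should go down; keepalive shown as set)
!   show ip ospf neighbor        (adjacency over Tunnel10 should be gone)
!   show ip route 10.255.10.0    (connected route should be withdrawn)
```

Keepalive handling differs between tunnel types and IPsec configurations (crypto map versus tunnel protection), so confirm on your IOS release that the tunnel actually goes down when the peer is unreachable.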

