Need help with dial backup in a fully meshed VPN

Unanswered Question
Aug 25th, 2010

We have four locations, fully meshed via IPSEC tunnels and running EIGRP.

Each location has has a dedicated WAN connection with a static IP address.

I'm looking for a solution where if one branch loses its dedicated WAN connection, it can dial into the local ISP and reestablish its tunnels. The IP it receives via dialup will be dynamic.

I've considered DMVPN, however it seems to me that if the hub is lost, the spokes will be unable to establish spoke-to-spoke connections since they will be unable to resolve next-hop.

Is there another solution that I haven't found?

Many thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jitendriya Athavale Wed, 08/25/2010 - 04:01

hi dan

i am not quite sure if i understood ur requirement

r u going to configure sla monitoing on each interface???

so if i understand right u have a hub and spoke topology wherin u want the tunnel to come up via a back up link whenever ur wan link goes down

if so what is the nature of ip's u have are they static or do u get a different ip everytime

deveynFSM Wed, 08/25/2010 - 04:11

There will be no SLA monitoring.

Basically what we want is a fully meshed network, that can use dial backup to maintain the tunnels without having to use DMVPN.

The IP addresses we have are static on the WAN links but dynamic on the dialup.


Jitendriya Athavale Wed, 08/25/2010 - 06:03

try making loopback interface and terminate vpn tunnel on that interaface
now make a gre tunnel interface with source as loopback and destination as the remote loopback address

that way irrespective of which internet link is active your tunnel will work, but what i dont understand how will you make the failover of isp preemptive without sla monitor. i mean without sla monitor you will have to fall back manually

however you will need to give public ip to loopback

i have not tried it out, you might want to try this out first in your lab setup


This Discussion