ip sla & vpn with more than 2 Routers

Unanswered Question
Aug 3rd, 2012

Hi Everyone,


The problem is below:

First, I have 2 Cisco routers with 2 links; the first link is primary and the second is a backup. I configured this classically by using ip sla (with icmp echo to verify the continuity of the link), then I created 2 VPNs, one on each link, which means that traffic always uses a VPN between the two routers, for the primary link and also for the backup link.


Now, I want to add another router and I want the same behavior between it and the first router.


Is it possible to connect the same interfaces on the first router (logically) to more than 2 routers and use ip sla with every link?

Is it possible to use a VPN on every link here? How?




Image1.jpg



Config with only 2 routers is:



hostname Routeur_Siege

track 10 ip sla 1 reachability
 delay down 1 up 1

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2

crypto isakmp policy 5
 encr aes
 authentication pre-share
 group 2

crypto isakmp key vpnsttat address 3.3.3.3
crypto isakmp key Sttat*2012 address 4.4.4.4

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set STTAT-VPN esp-3des esp-sha-hmac

crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 3.3.3.3
 set transform-set ESP-3DES-SHA
 match address VPN-ACL

crypto map VPN-SEC 40 ipsec-isakmp
 set peer 4.4.4.4
 set transform-set STTAT-VPN
 match address VPN-ACL

interface GigabitEthernet0/0
 description SDSL
 ip address 1.1.1.1 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 ip tcp adjust-mss 1300
 duplex auto
 speed auto
 crypto map SDM_CMAP_1

interface GigabitEthernet0/1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1300
 duplex auto
 speed auto

interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1

interface Dialer1
 description Connection_Secondaire
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname ************
 ppp chap password 0 *************
 ppp pap sent-username *********** password 0 *********
 crypto map VPN-SEC

ip http server
ip http authentication local
ip http secure-server

ip nat inside source route-map MAP interface Dialer1 overload
ip nat inside source route-map MAP-2 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 Gi0/0 track 10
ip route 0.0.0.0 0.0.0.0 Dialer1 20

ip access-list extended LAN-ADSL
 ......

ip access-list extended VPN-ACL
 .....

ip sla 1
 icmp-echo 3.3.3.3 source-interface GigabitEthernet0/0
 threshold 2000
 timeout 2000
 frequency 5
ip sla schedule 1 life forever start-time now

route-map MAP permit 10
 match ip address LAN-ADSL
 match interface Dialer1

route-map MAP-2 permit 10
 match ip address LAN-ADSL
 match interface GigabitEthernet0/0
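
One way the two-router config above could be extended to a third router, as an added example that is not part of the original post: each existing crypto map gets a second sequence entry for the new peer, and the new site gets its own ip sla probe, track object and tracked route. The peers 5.5.5.5 and 6.6.6.6, the LAN 192.168.3.0/24, the ACL name VPN-ACL-SITE3, the object numbers 2 and 20 and the key placeholders are assumptions, as is the content of the elided VPN-ACL and LAN-ADSL lists; the post's transform sets are reused unchanged.

```cisco
! Added example: hypothetical third site (addresses, names and keys are assumptions)
crypto isakmp key <PSK-SITE3-PRIMARY> address 5.5.5.5
crypto isakmp key <PSK-SITE3-BACKUP> address 6.6.6.6
!
! Separate ACL per remote site, so each crypto map entry selects its own peer.
! Assumes the existing VPN-ACL matches only the first remote site, and that
! LAN-ADSL (used for NAT) denies this traffic so it is not translated first.
ip access-list extended VPN-ACL-SITE3
 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
!
! Same crypto map per interface, one extra sequence number per new peer
crypto map SDM_CMAP_1 2 ipsec-isakmp
 set peer 5.5.5.5
 set transform-set ESP-3DES-SHA
 match address VPN-ACL-SITE3
!
crypto map VPN-SEC 50 ipsec-isakmp
 set peer 6.6.6.6
 set transform-set STTAT-VPN
 match address VPN-ACL-SITE3
!
! Independent probe and track object for the new site's primary peer
ip sla 2
 icmp-echo 5.5.5.5 source-interface GigabitEthernet0/0
 threshold 2000
 timeout 2000
 frequency 5
ip sla schedule 2 life forever start-time now
!
track 20 ip sla 2 reachability
 delay down 1 up 1
!
! Pin the probe target to the primary link so the probe cannot succeed
! over the backup path once a default route changes
ip route 5.5.5.5 255.255.255.255 GigabitEthernet0/0
!
! Per-site failover: primary route while track 20 is up, floating backup otherwise
ip route 192.168.3.0 255.255.255.0 GigabitEthernet0/0 track 20
ip route 192.168.3.0 255.255.255.0 Dialer1 20
```

The third router would need the mirror image of these entries, with its own probe pointed at this router's primary address.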
