General Question DMVPN

MARTIN FUNKE

In a customer network I tried to create multiple VPN tunnels between two sites with one router at each site.

At site A the router has two interfaces to two different ISPs with a static public ip address for each interface.

At site B the router has two interfaces to two different ISPs with a dynamic public ip address for each interface.

The plan was to have four VPN tunnels (fully meshed between all four interfaces) for redundancy purposes.

Every VPN tunnel will have a different ip nhrp network-id.

Unfortunately I had no chance to test this scenario in a lab.

Question: Is the wanted solution supported by DMVPN? (Multiple tunnels on one router using DMVPN)

Martin Funke

K&K Networks

Hi Martin,

If you have only 2 sites A and B, then why do you want to build 4 VPN tunnels, when only one can solve your requirement?

The concept would be that you will build the tunnel on a loopback interface and will have two static routes in the routing table, one of which will be floating. So even if one ISP fails, your VPN tunnel will still be UP.

Regards,

Smitesh

Hi Smitesh,

Thanks for your answer.

Sounds easy. But for that solution I need public ip addresses on the loopback interfaces of each router (site), don't I?

Actually all 4 interfaces are connected to 4 different ISPs - means (correct me if I am wrong) the routing in the internet may be a problem (provider 2 will not route the public ip address of provider 1, when the interface to provider 1 is down).

Best regards,

Martin.

Hi Martin,

Correct that you need a Public IP address, but only at one site; the other location can work on a dynamic IP address. Look for IPSEC with dynamic IP addresses.

And as far as your second concern goes, if you have a normal internet circuit at your site, it should not be an issue, as every ISP is bound to connect (either directly or indirectly) to each other; it is the way the internet works.

Also, I would point out one more thing: DMVPN is generally deployed where you want to connect many sites and reduce the number of VPN tunnels; you deploy a Hub and Spoke model, while still maintaining Site-to-Site communication.

Regards,

Smitesh


PS: Please rate helpful posts.

Hi Smitesh,

Here is my understanding so far: When I create a loopback interface with a public ip address assigned by provider 1, this ip address will be routed from the internet to provider 1 because it is a subnet of the network of provider 1. When my circuit to provider 1 is down, the ip traffic to this (provider 1) ip address will still go to provider 1 and will be dropped there because my subnet (ip addresses from provider 1) is no longer reachable. No other provider will route the packet to my 2nd provider, because he is not the owner of the provider 1 ip address (subnet).

IMHO that problem can only be solved by a provider-independent public ip address on the loopback interface which is routed by both (primary and secondary) providers (but this solution is out of scope because it is too expensive).

Am I wrong?

Best regards,

Martin.

Hi Martin,

I should have been more clear when I suggested Public IP address. Yes, you need to own those Public IP addresses and also an AS number.

Regards,

Smitesh
