Hi, i've recently suceeded the following deployment:
2 x 1841 (Main Offices)(different ISP's on each one)
11 x 871 (Branch Offices)
I've used DMPVNP, using GRE(eigrp)/Ipsec tunnels for that, every 871 in the branch offices requires two tunnels, one heading a 1841 and the second one heading the other 1841, so i can get a suscessfull failover method when any of the ISP's in the Main site goes down.
My question is:
Is there any way to get the same failover topology using just one 1841 in the main site?
Is it possible to use only one 1841 alone with two different ISP's so if any of the two tunnels go down the other one keeps the branch offices up?
Yes, you have to way to configure that, the simple one is configuring 2 default routes with different cost for each one, the problem with this is in the case you have a ethernet link that will never take the interface down, in this case you can use the IP sla monitor function to acomplish this, just be aware of the IOS version, if any command is not supported it's because of your IOS version/router model, use this configuration:
ip sla monitor 10
! this is the gateway you are monitoring
type echo protocol ipIcmpEcho 201.91.149.X
ip sla monitor schedule 10 life forever start-time now
! the ip sla #10 must match the schedule #10
! add a route to reach the gateway or the host you are pinging for link test
ip route 201.91.149.x 255.255.255.255
!create a track and tie it with the IP sla #
track 10 rtr 10 reachability
!create a route map and put it inside the inside interface of the router or the tunnel in the case of DMVPN
route-map roteamento permit 100
match ip address pontelnk
set ip next-hop verify-availability 10.100.1.253 10 track 10
set ip next-hop 10.100.1.15
! This says the next hop for IPs matching access list pontelnk is 10.100.1.253 if the trak # 10 is up, otherwise use the 10.100.1.15
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...