This is Jay Kishan. I work in Pakistan Petroleum Limited as a Network Associate. There is a little problem that I have been facing recently. We have a Head Office in Karachi and a Remote Location in Islamabad. We are connecting them with a Primary DXX Link with an active VSAT Backup Link. As soon as the DXX Link goes down, the VSAT Link comes up automatically. But the DXX Provider has introduced a few more non-Cisco devices in the middle, and now we have to create a tunnel from our ISB 2610 Router to the KHI 3661 Router. The reason for creating the tunnel is that we don't want the DXX provider to know our network. But the problem that we have at hand is that the tunnel never goes down, as the interfaces on both routers are connected to devices that won't go down. But there can be a problem in some other middle device because of which the link may not work. So the situation is that even if the DXX Link isn't working, the tunnel is still up and the VSAT Backup link doesn't come up. So how can I make sure that if the DXX Link stops working, the tunnel senses it and the VSAT Backup link comes up automatically? I will be very thankful for any sort of help. Thanks in advance.
You can use the keepalive command on the tunnel interface at both sides,
and route your traffic with a higher metric towards the VSAT.
This will help you, as with this command keepalive messages will be sent between both ends, and as soon as connectivity goes down for any reason, the tunnel will go down.
But remember, please don't use the tunnel mode ipip command in the tunnel configuration at both ends, as with this command the tunnel never goes down. This keepalive feature is available only in Cisco GRE tunnel configuration.
Thanks for the reply. It was very helpful indeed. But one thing that I couldn't find: there is no command such as KEEPALIVE on the tunnel interface. So, I just need to know whether this is a subcommand of another command, because I can't find the standalone KEEPALIVE.
The GRE keepalive is a very nice feature and it does sound like it would solve your problem. It was introduced somewhat recently (I just looked at the notes and it indicates that it was introduced on some platforms in 12.2(8)T and a bit later on other platforms). What platform are you running this on and what version of code?
The configuration is pretty straightforward:
interface tunnel n
 keepalive
and it has optional parameters on the keepalive to specify how many seconds and how many retries.
If your router does not have keepalive as a command under the tunnel interface, then that is a good indication that the version of code that you are running does not have this feature. Would it be worth upgrading code to get this feature?
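The approach discussed in the replies above (GRE keepalive plus a backup route towards the VSAT), sketched as an added example that is not part of any original post. It assumes static routing, and every address, interface name, tunnel number and timer value is a constructed placeholder.

```cisco
! Added example, not from the thread. All addresses, interface names and
! timers are constructed placeholders. ISB 2610 side shown; mirror it on
! the KHI 3661 with tunnel source/destination swapped.
!
interface Tunnel0
 description GRE tunnel to KHI over the DXX link
 ip address 10.255.0.2 255.255.255.252
 tunnel source Serial0/0
 tunnel destination 192.0.2.1
 ! Leave the tunnel mode at its default (GRE); keepalive is a GRE
 ! feature and the thread notes "tunnel mode ipip" never goes down.
 ! Send a keepalive every 5 seconds; after 3 missed replies the tunnel
 ! line protocol goes down.
 keepalive 5 3
!
! The tunnel destination itself must be reached over the DXX interface,
! never through the tunnel (avoids recursive routing).
ip route 192.0.2.1 255.255.255.255 Serial0/0
!
! Primary path to the head-office network: through the tunnel.
! This route is withdrawn when Tunnel0 line protocol goes down.
ip route 10.1.0.0 255.255.0.0 Tunnel0
!
! Backup path: floating static towards the VSAT next hop with a higher
! administrative distance (200), installed only when the primary
! route above disappears.
ip route 10.1.0.0 255.255.0.0 198.51.100.1 200
!
! Checks after a simulated mid-path failure:
!   show interfaces Tunnel0      (line protocol should read "down")
!   show ip route 10.1.0.0       (next hop should be the VSAT address)
```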
I suggest you go through the link below once and you will find the solution to all your queries. I am very sure that your problem will be resolved after this, provided your router version supports this feature.
Thanks for your help, guys. I am using a 3661 with IOS 12.2.2T. It doesn't have the keepalive command. Anyway, I will definitely get the latest IOS and use the keepalive command. I will also look into this matter, but I will be very thankful if you tell me the hardware requirements for this IOS release for the 3661. Thanks in advance.
There are some options about which release and which feature set you want to do the functions that you need. I looked at the Feature Navigator in CCO and for 3600 using the 12.4(17) release and the IP PLUS IPSEC 3DES feature set it requires 128 MB of RAM and 64 MB of flash.