Our ISP is going to be giving us a new IP address for serial interface on HO router, which is also the VPN endpoint peer for our remote sites. Remote sites use 1720 routers with IPSEC/FW feature pack. I want to be able to add the new ip address to the remote sites' router configurations in advance of the transition so when the change is made they will seamlessly roll over to the new VPN endpoint. I have already modified the crypto map sections and the access lists, but would like guidance on the ip routing to make all of this work.
Current ip routing:
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 10.0.0.0 255.0.0.0 x.x.x.94 4
I need to add:
ip route 10.0.0.0 255.0.0.0 x.x.x.22 ?
What should I make the distance metric for the new route? I assume that it is the distance metric that will determine which route will be chosen and hence which VPN peer will be the endpoint? Will the remote routers automatically failover to the current ip route until the ip address reassignment ocurrs and then use the new ip address (and route)?
If the .22 is the new ip addr, then assign it with a
higher metric than the current one, so that it would act as a secondary link once the primary ip is changed. For the peer routers, you could have a second peer statement on the crypto map, so that when the tunnel goes down and they could not contact the first peer they would try to contact the second one.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :