
VPN routing issue

gclow
Level 1

Our ISP is going to be giving us a new IP address for the serial interface on the HO router, which is also the VPN endpoint peer for our remote sites. Remote sites use 1720 routers with IPSEC/FW feature pack. I want to be able to add the new IP address to the remote sites' router configurations in advance of the transition so when the change is made they will seamlessly roll over to the new VPN endpoint. I have already modified the crypto map sections and the access lists, but would like guidance on the IP routing to make all of this work.

Current ip routing:

ip route 0.0.0.0 0.0.0.0 Serial0

ip route 10.0.0.0 255.0.0.0 x.x.x.94 4

I need to add:

ip route 10.0.0.0 255.0.0.0 x.x.x.22 ?

What should I make the distance metric for the new route? I assume that it is the distance metric that will determine which route will be chosen and hence which VPN peer will be the endpoint? Will the remote routers automatically fail over to the current IP route until the IP address reassignment occurs and then use the new IP address (and route)?

Any help would be greatly appreciated!

Grant

1 Reply

cjacinto
Cisco Employee

If the .22 is the new ip addr, then assign it with a higher metric than the current one, so that it would act as a secondary link once the primary ip is changed. For the peer routers, you could have a second peer statement on the crypto map, so that when the tunnel goes down and they could not contact the first peer they would try to contact the second one.

See related docs on: http://www.cisco.com/warp/public/cc/so/neso/vpn/vpne/vpne_an.htm
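The two suggestions in the reply above, combined into one remote-site configuration as an added example that is not part of the original thread. The crypto map name VPNMAP, sequence number 10, access list 110, the remote LAN 192.168.10.0/24, the use of pre-shared keys, the placeholders in angle brackets and the distance value 5 are assumptions; the x.x.x.94 and x.x.x.22 addresses and the existing distance of 4 come from the question.

```cisco
! Constructed example for one remote-site router (names and numbers are
! assumptions, see lead-in). Assumes IKE authentication with pre-shared keys.
!
! The new peer address needs its own key entry, otherwise IKE
! negotiation with x.x.x.22 fails even though the crypto map lists it.
crypto isakmp key <PRESHARED-KEY> address x.x.x.94
crypto isakmp key <PRESHARED-KEY> address x.x.x.22
!
! Peers are tried in the order they are listed: the current HO address
! first, the new address only when the first peer cannot be reached.
crypto map VPNMAP 10 ipsec-isakmp
 set peer x.x.x.94
 set peer x.x.x.22
 set transform-set <EXISTING-TRANSFORM-SET>
 match address 110
!
! Traffic to encrypt: remote LAN (constructed) to the HO 10.0.0.0/8 range.
access-list 110 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
!
interface Serial0
 crypto map VPNMAP
!
ip route 0.0.0.0 0.0.0.0 Serial0
! Existing route toward the current HO peer, distance 4 (from the question).
ip route 10.0.0.0 255.0.0.0 x.x.x.94 4
! New route toward the new HO peer, with a higher distance than the
! current one as the reply suggests (5 is an assumed value).
ip route 10.0.0.0 255.0.0.0 x.x.x.22 5
```

After the ISP cutover, `show crypto isakmp sa` and `show ip route 10.0.0.0` show which peer and which route are in use, and the x.x.x.94 lines can then be removed so the routers stop trying an address the HO no longer owns.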
