I have two 7140s running BGP and they are going to two different ISPs. The two 7140s are connected together via Ethernet on the inside network. One of these 7140s does VPN terminations on the serial interface (going to the ISP). Depending on what path is taken from the Internet, the VPN connection may or may not come directly to the 7140 serial interface (the one running VPN). The problem is that a packet leaving the inside network going to a VPN client may not leave through the VPN router (depending on BGP path); therefore the packet is not encapsulated going out, so it never gets to its destination.
My question is, is there a way to force the packet to go out the same way the connection came in?
That is a good question. I can tell you what I know. Obviously the packet is going to follow the routes the router has in its table. There's nothing you can do to the packet itself that will force it back through the same router. Without having more information, the only thing I can suggest is using a static route. If you get an answer on this, please post it!
I can think of one thing you may be able to do. It is dependent upon the type of VPN. You could do some policy-based routing. This will work if you have another router (in the private network) behind the 7140s and you are doing LAN-to-LAN VPN. Let's say that the 7140 is router A, the router behind it is router B, and the remote network for the VPN is 10.0.0.0. What you can do on router B is tell it to route all traffic destined for network 10.0.0.0 to router A.
You can do this very easily with route filters, access-lists and route maps.
The easiest way would be to deny that type of traffic on the undesirable interface and allow it on the desirable interface. Most of this is on Cisco's website. Check it out. It will save you a lot of time and research in the future.
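The policy-based routing suggested in the replies above, sketched as an IOS configuration for router B. This is an added example, not part of the original thread; the /8 mask on 10.0.0.0, the access-list number, the route-map name, router A's inside address (192.168.1.1) and the interface name are all assumptions.

```cisco
! Router B (inside router behind both 7140s). Added example, assumed values.
!
! Match anything headed for the remote VPN network.
! The thread gives only "10.0.0.0"; the /8 wildcard here is an assumption.
access-list 101 permit ip any 10.0.0.0 0.255.255.255
!
! Send matching traffic to router A, the 7140 that terminates the VPN,
! so it is encrypted on the way out instead of following the BGP best
! path through the other 7140 and leaving in the clear.
route-map VPN-VIA-A permit 10
 match ip address 101
 set ip next-hop 192.168.1.1
!
! PBR is evaluated on packets arriving on an interface, so apply the
! policy on the LAN-facing interface where inside hosts' traffic enters.
interface FastEthernet0/0
 ip policy route-map VPN-VIA-A
!
! Simpler alternative when every flow to that network is VPN traffic:
! a plain static route on router B does the same job without PBR.
! ip route 10.0.0.0 255.0.0.0 192.168.1.1
```

`show route-map VPN-VIA-A` on router B reports policy-routing match counters, which confirms that traffic for the remote network is actually being steered to router A.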