I have an Cisco 1841 at one of our remote sites, that has a dual-homed internet connection. Planning on using PBR & IP SLA to use the internet connections in an Active/Standby pair, but also need to setup a VPN tunnel (actually a couple of tunnels) over the Active internet connection. Is this possible on the 1841's & 2811's, and if so, how would I go about setting it up?
That looks good for the VTI configuration. Will this work in conjunction with PBR & IP SLA in a dual-ISP scenario? Trying to setup a primary and secondary ISP connection, that can fail over automatically, yet still allow a VPN tunnel to function regardless of which ISP connection is the active one.
Using IP-SLA you are trying to achieve is basically entail a default route-failover when primary ISP circuits fails to standby one. So please read the below thread, shows how setup a default route-failover from one physical interface to another.
At the moment, I have an active GRE tunnel from one site to the data center. If I use either the IP-SLA or dynamic routing, will I still be able to have the tunnel functioning? Given that the Tunnel interface has to have a source command set on it, wasn't sure if there would still be some manual intervention necessary to fail over connectivity.
"If I use either the IP-SLA or dynamic routing, will I still be able to have the tunnel functioning?"
Yes, in the either case you can incorporate your existing tunnel as well.
In the existing GRE you use static route to push traffic from both end of tunnels and so, as far as IP-SLA is concern you use GRE interfaces as primary and backup with manupulating higher cost in the static-route as shown in the above thread.
Now, GRE tunnels when introducing dynamic routing protoco into equvation. In this senario your routing protocol will peer over GRE tunnel's interface IP addresses which are going over two separate circuits and you increase the delay on the one tunnel interface so that other circuit will be prefered over due to lower delay. When that circuit (i.e. lower delayed circute) goes down, EIGRP will start will using the backup circuit GRE tunnel.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...