Can some one plz help regarding configuration of redundant Ipsec Tunnel over EIGRP. Currently all remote sites are connected with ipsec tunnel. How can i connect all remote sites auto with DR after down of DC(Priamry Tunnel).
Can you give more details regarding your environment? What types of devices are terminating your IPSec tunnels? Are the DC and DR locations separate? You have a few options that you can use. One would be a GRE over IPSec solution in which you will pin up two static IPSec tunnels, one to the DC and one to the DR. You will then overlay a GRE tunnel to each site over which you will run EIGRP. You can then influence path selection by modifying the EIGRP metric over the secondary path. Another potential solution would be DMVPN.
My DC and DR are on seperate locations connected with 35 Branches. All are Cisco Devices with series of 2800 and 3800 series.
I have configured DMVPN and trying to encrypt the Tunnel via IPSEC, issue is that traffic is not going to that tunnel. It usually going via WAN interface beacuse the EIGRP route update via WAN interface.. How can i divert all traffic via this Tunnel with DC and Redundant to DR.
Do you have any sample configuration of Redundant Tunnel over IPSEC with EIGRP.
I still don't have enough details about your setup to say for sure but it sounds like you need to modify the metrics in your IGP in order to influence path selection. If the primary WAN is available and you have an EIGRP adjacency via this link, then you will want this to be the lowest cost path in EIGRP. If the primary fails, then the DMVPN tunnel to the DC would be next followed by the tunnel to the DR. You can also look into route summarization in order to influence path selection based on prefix length.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :