04-21-2009 10:08 AM - edited 02-21-2020 03:25 AM
Hello,
I have recently been tasked at my job with trying to configure a one-off. I have a Cisco 2811 that normally has a VPN connection back to our main office via a single interface. My crypto looks like the following:
crypto ipsec client ezvpn TEST
connect auto
group TEST key TEST
mode network-extension
peer 192.168.1.1
username test password test1
xauth userid mode local
I have an SVI configured as follows:
interface Vlan2
description **FW_INSIDE**
ip address 10.1.0.160 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
no autostate
crypto ipsec client ezvpn TEST inside
My Serial interface configuration is as follows:
interface Serial0/0/0.1 point-to-point
ip address 172.16.1.5 255.255.255.252
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly
no cdp enable
frame-relay interface-dlci 500 IETF
crypto ipsec client ezvpn TEST
The configuration works just fine. What I've been asked to do though is giving me problems. Let's say I have multiple Serial interfaces. And based on which one is turned on, or plugged in, it will utilize THAT serial interface to create the VPN tunnel.
So let's say I have Serial0 and Serial1. My company wants it that if Serial1 is plugged in, it will use Serial1 to create the tunnel. If Serial0 is plugged in and Serial0 is unplugged, it will use Serial0.
I hope the above nonsense actually makes sense. Basically, when this device is deployed, they don't want to have to go and do any reconfiguration on the router. They just want the system to be smart enough to know which interface is plugged in, up and active and use that interface to create the tunnel. Any assistance would be greatly appreciated.
04-23-2009 05:36 AM
You could create a multilink interface and add each serial interface to the bundle. Then apply your crypto map to the multilink interface. This is of course assuming you can use the same IP on either/both serial interfaces.
Example-
interface Serial0/2/0:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 2
interface Serial0/2/1:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 2
interface Multilink2
description MLPPP Link for Point-To-Point
ip address 172.16.1.5 255.255.255.252
ip route-cache flow
no ip mroute-cache
crypto ipsec client ezvpn TEST
ppp multilink
ppp multilink links maximum 4
ppp multilink group 2
ppp multilink fragment disable
Hope that helps.
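As an added example (not part of the thread and not Cisco tooling): a small Python check that a saved configuration follows the layout in the answer above, with member serial links carrying only PPP multilink settings and the IP address and EzVPN binding on the Multilink interface. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in the answer's layout with two deliberate mistakes:
# a member missing "ppp multilink" and the EzVPN binding on a member link.
SAMPLE = """\
interface Serial0/2/0:0
 no ip address
 encapsulation ppp
 ppp multilink group 2
interface Serial0/2/1:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 2
 crypto ipsec client ezvpn TEST
interface Multilink2
 ip address 172.16.1.5 255.255.255.252
 ppp multilink
 ppp multilink group 2
"""

def parse_interfaces(text):
    # Map interface name -> list of its indented sub-commands.
    blocks, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif line[:1].isspace() and line.strip() and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the block
    return blocks

def audit(text, tunnel):
    """Return findings; an empty list means the layout is consistent."""
    outside = f"crypto ipsec client ezvpn {tunnel}"
    findings = []
    for name, cmds in parse_interfaces(text).items():
        if name.lower().startswith("multilink"):
            if not {outside, outside + " outside"} & set(cmds):
                findings.append(f"{name}: EzVPN binding missing on bundle")
            if not any(c.startswith("ip address ") for c in cmds):
                findings.append(f"{name}: bundle has no ip address")
        elif any(re.fullmatch(r"ppp multilink group \d+", c) for c in cmds):
            for need in ("no ip address", "encapsulation ppp", "ppp multilink"):
                if need not in cmds:
                    findings.append(f"{name}: missing '{need}'")
            if any(c.startswith(outside) for c in cmds):
                findings.append(f"{name}: EzVPN binding on member link")
    return findings
```

Calling `audit(SAMPLE, "TEST")` returns one finding per mistake; a configuration that matches the answer's layout returns an empty list.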