10-02-2014 01:05 PM
Hi,
We have an MPLS setup between 3 sites. I recently set up an IPSec tunnel between the 3 sites for backup. Now if I shut the interface on my core where the MPLS router is connected, I lose connectivity between sites, even though I have set up static routes.
E.g., the static routes between sites for MPLS are:
10.1.0.0 255.255.0.0 10.12.0.4
10.2.0.0 255.255.0.0 10.12.0.4
The VPN router IP address is 10.11.0.4 and I have set up the static routes below:
10.1.0.0 255.255.0.0 10.11.0.4 5 (metric)
10.2.0.0 255.255.0.0 10.11.0.4 5 (metric)
When I bring down the MPLS router, the traffic hits the 10.11.0.4 ACL but it is not working. The routes on the VPN router are as follows:
0.0.0.0 0.0.0.0 169.34.9.8
10.0.0.0 255.255.0.0 10.11.0.1
Any guidance/help would be appreciated.
10-03-2014 03:38 AM
Do you have DMVPN set up between the sites? If so, the spoke sites need to check in with the hub site before they can establish a tunnel between the two spoke sites. So here you would either need to set up a second hub router, or configure a full mesh s2s tunnel setup, i.e. configure static IPsec tunnels between all sites.
--
Please remember to select a correct answer and rate helpful posts
10-09-2014 12:40 AM
Hello
It should be a problem with the reverse routing. Let's say, for example, in Site 1 you have done the backup and you took the link down between the router and the switch. So the switch takes the floating static route and forwards the traffic to the VPN router (that's why you can see the hits). Though the VPN might forward the traffic to the destination site 2, there the reverse route is still towards the MPLS router and the traffic drops.
Hope this helps
Harish
10-09-2014 06:46 AM
Hi Harish,
What you are saying makes a lot of sense. How can I make the site 2 traffic go towards the VPN without shutting down the MPLS interface?
10-09-2014 06:58 AM
Hello
There are a couple of solutions we can do here. One is to run a protocol over the VPN and make the routing decision dynamic across both MPLS and VPN, so that when an MPLS failure occurs, site 2 will automatically remove the route towards your MPLS router and install the one with the VPN router. It really depends on how your setup is and what kind of protocol you are running over MPLS.
Harish
10-09-2014 07:02 AM
We are using EIGRP between sites; however, I have a static route to the MPLS router and I don't have access to that MPLS router. Can you send me an example, or what I should ask my vendor to configure on their MPLS router?
Thank you for your prompt reply though.
10-09-2014 07:09 AM
Hello
Is it possible to extend EIGRP up to your core switch? Please check that with the vendor, and if that is possible, you will learn the MPLS-site routes through EIGRP and you can also run EIGRP over the VPN and between the core switch and the VPN routers. Then it is all about manipulating the metric (increase the link delay from the core switch to the VPN router so that it will be least preferred).
Regards
Harish.
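Added example, not part of the thread or any poster's configuration: a small Python model of the reverse-routing failure discussed above, showing why a floating static route at one site is not enough and why withdrawing the far side's MPLS route restores the return path. The site names, the 10.0.0.0/16 local prefix, the mirrored routes at the remote site and the value 1 for the primary route are assumptions; the 5 is the trailing value from the question's backup routes.

```python
import ipaddress

def best_route(routes, dst_ip, up):
    """Longest prefix, then lowest distance, considering only routes whose
    next hop is reachable from THIS device (its own interface state)."""
    dst = ipaddress.ip_address(dst_ip)
    live = [(ipaddress.ip_network(p), via, ad) for p, via, ad in routes
            if up[via] and dst in ipaddress.ip_network(p)]
    if not live:
        return None
    return min(live, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def send(sites, src, dst, dst_ip):
    """Return (transport chosen by src, whether dst can actually receive on it)."""
    via = best_route(sites[src]["routes"], dst_ip, sites[src]["up"])
    return via, via is not None and sites[dst]["up"][via]

def ping(sites, a, b, a_ip, b_ip):
    fwd, rev = send(sites, a, b, b_ip), send(sites, b, a, a_ip)
    return {"forward": fwd, "return": rev, "ok": fwd[1] and rev[1]}

def build():
    # Constructed two-site model: distance 1 = primary static via MPLS (assumed),
    # distance 5 = floating static via the VPN router, as in the question.
    return {
        "site0": {"up": {"mpls": True, "vpn": True},
                  "routes": [("10.1.0.0/16", "mpls", 1), ("10.1.0.0/16", "vpn", 5)]},
        "site1": {"up": {"mpls": True, "vpn": True},
                  "routes": [("10.0.0.0/16", "mpls", 1), ("10.0.0.0/16", "vpn", 5)]},
    }

def static_only():
    sites = build()
    sites["site0"]["up"]["mpls"] = False   # core interface to the MPLS router is shut
    return ping(sites, "site0", "site1", "10.0.0.10", "10.1.0.10")

def with_route_withdrawal():
    sites = build()
    sites["site0"]["up"]["mpls"] = False
    # What a routing protocol would do: site1 loses its MPLS route to site0.
    sites["site1"]["routes"] = [r for r in sites["site1"]["routes"] if r[1] != "mpls"]
    return ping(sites, "site0", "site1", "10.0.0.10", "10.1.0.10")

if __name__ == "__main__":
    print("static only:    ", static_only())
    print("route withdrawn:", with_route_withdrawal())
```

With static routes only, site1's own MPLS interface is still up, so its primary route stays installed and the return traffic is sent into a path that no longer reaches site0.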
10-09-2014 07:15 AM
Thanks Harish, I will ask my vendor. Also, can you send me some config examples?