Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1098
Views
0
Helpful
5
Replies

Prioritize GRE tunnel (usual)routes over ezVPN routes

baxta2712
Level 1
Level 1

‎11-25-2010 04:22 AM

     Hi Could anyone help me? I have head office and branches witch are connected to head office with GRE tunnels and takes OSPF routes, and beside GRE I want branch routers (881) to work as a EZVPN clients(HO is server) to provide backup and when GRE went down, all traffic to flow through VPN. but problem is when branch router is connected to head office through VPN all corporate traffic takes that direction, Is there any way to prioritize OSPF(GRE) routes over VPN?
It is very importent to me

Thanks in advance

Labels:
0 Helpful
5 Replies 5

Vikas Saxena
Cisco Employee
Cisco Employee

‎11-26-2010 06:21 AM

Can you provide a rough topology?

Are you saying that the same router which is doing GRE is acting as EzVPN client in the branches?

How many internet connections are there on the branch router?

>>but problem is when branch router is connected to head office through VPN all corporate traffic takes that direction

What is 'corporate traffic' is this brach side traffic -> HO or HO traffic -> branch?

0 Helpful

baxta2712
Level 1
Level 1
In response to Vikas Saxena

‎11-26-2010 06:32 AM

    Yes branche is doing GRE and acts as VPNclient There is two internet connection no the branch router but connection witch I want to be a backup is wireless mobile cellcicar connection witch provides us internal IP addresses from 10.x.x.x range and service provider is doing NAT. only variant to connect to HO through this connection is to connect as VPN client, but when I am connected to HO VPN server all traffic takes this direction, GRE and VPN server gives to BRANCH same internal routes.

    We have mail, SAP and many other services in HO and when primary connection is down we want to backup a lint to HO, I want, when no primary connection and no OSOF routes, VPN backup

0 Helpful

Vikas Saxena
Cisco Employee
Cisco Employee
In response to baxta2712

‎11-26-2010 06:51 AM

>>but when I am connected to HO VPN server all traffic takes this direction, GRE and VPN server gives to BRANCH same internal routes.

You are using OSPF for GRE.

Are you using RRI for EzVPN routes in the server.

Is your GRE and EzVPN server the same router?

If you are not using RRI then the return traffic should follow the default gw on the ezvpn server which has lesser admin distance than OSPF routes.

If you are using RRI then also the route which is going to reflect in the table is a static route with less admin distance than OSPF routes hence the confusion.

Could you post the routing table example from the HO router and the branch?

0 Helpful

baxta2712
Level 1
Level 1
In response to Vikas Saxena

‎11-29-2010 01:55 AM

   Yes, GRE and Ezvpn Server are the same routers, without RRI it does not work in client mode, in NEM it works without RRI but remote network appears in server routing table as "static routes" with AD of 1, can I modify this value? and another problem is when client disconnects this static routes stays in table. But I want NME in worth case, if there is no another choice.

   I want it to work in client mode, is it possible? Can you help me? it is very important to me

0 Helpful

uranthaci
Level 1
Level 1
In response to baxta2712

‎11-29-2010 05:05 AM

I'm not sure how ezVPN differs from DMVPN, but in DMVPN we use offset-list to split traffic.

You can match specific IP address range with offset-list and increase the metric for that range over a tunnel, and decrease for another IP range.

Tell me if you need more info.

0 Helpful
Customers Also Viewed These Support Documents