I have Site A whose VPN router has two VPN tunnels built to two sites. To Site B it connects to a VPN Concentrator with a site to site ipsec tunnel (doing reverse-route injection), and to Site C it connects using a GRE tunnel and runs EIGRP over it. Both B and C can talk to each other through, say, over WAN. I want Site A to be able to route to Site B via Site C in case the concentrator fails in B. The problem I'm running into is that the site to site tunnel will never attempt to build becuase it is already aware of Site B via EIGRP with Site C. Is there a way to force the tunnel to build? Once it is built because of the static route it will prefer it over EIGRP but the problem is getting the tunnel to come in the first place. Obviouslty if I prevent EIGRP from happening the tunnel will come up but I can't do that everytime the router reboots or something.
Site A ===== GRE Tunnel , running EIGRP === Site C
In order to allow communication between SiteA and SiteC through SiteB: There must be a site-to-site that should be established between SiteA and SiteC and between Site C and Site B. (to take over when SiteA-SiteB fails). Do you want to enable a Site-to-Site between A-C/C-B?
Lets say Site C and B exchange routing information via BGP over MPLS but Site A is not part of MPLS and I don't want to establish another site to site from A to C as there is a GRE tunnel already between the two. Is there any other way?
So if I understand correctly, the question can be reduced to "how can I make sure the L2L between A and B comes up (and stays up) automatically, even when the route to the B network are pointing to C" ?
Here's an idea: find (or allocate) an ip address at site B, that is not used for regular traffic.
On A, configure a static route to that single IP, going over the tunnel to B.
Then configure something that sends traffic to that IP address at regular intervals. E.g. NTP, IP SLA, ...
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :