Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Unstable IPSEC VPN connection

R1---T0----R2

---T1----

R1 have 2 public Interface.

R2 has 1 Public Interface.

DMVPN being setup between the two router

2 Tunnel being configure for the DMVPN.

IPSEC connection from R2 to R1 via Tunnel0 are stable and stay connect.

IPSEC connection from R2 to R1 via Tunnel1 are unstable and always disconnect after a few second the IPSEC being associated.

Question:

1)Can this setup work?

2) If i want to acheive VPN failover(provided the HQ Router(R1) has 2 Public interface, Branch Router(R2) has only 1 Public), Do I have other method?

thanks

1 REPLY
Anonymous
N/A

Re: Unstable IPSEC VPN connection

Each spoke has a permanent IPSec tunnel to the hub, not to the other spokes within the network. Each spoke registers as clients of the NHRP server.

When a spoke needs to send a packet to a destination (private) subnet on another spoke, it queries the NHRP server for the real (outside) address of the destination (target) spoke.

After the originating spoke "learns" the peer address of the target spoke, it can initiate a dynamic IPSec tunnel to the target spoke.

The spoke-to-spoke tunnel is built over the multipoint GRE interface.

The spoke-to-spoke links are established on demand whenever there is traffic between the spokes. Thereafter, packets can bypass the hub and use the spoke-to-spoke tunnel.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

299
Views
0
Helpful
1
Replies
CreatePlease to create content