Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

2 GRE Tunnel in same router with 2 ISP

Hi all,

I would like to do VPN Load Balancing / Polciy Route VPN in cisco router from Branch to HQ. But using IPSec VPN only, we cant accomplish VPN Load Balancing / Multiple tunnel to same destination in simgle router. So I planned to use VTI(Virtual Tunnel interface) or GRE over IPSec.

Here is the setup

HQ :

LAN --- Cisco Router ---- Load Balancer  --- Multiple ISP link

Explanation : HQ having cisco router, and a Load Balancer which Multiple ISP link connected to it.

Branch:

LAN --- Cisco router -- ISP 1 & ISP 2

Explanation : Branch have cisco router and Both ISP 1 & 2 connected to same router (NO LoadBalancer)

Config template

---------------------------------------------------------------------------------

Branch Tunnel source  ----> Branch Tunnel destination

Branch ISP 1              -----> HQ ISP 1

Branch ISP 2              ----> HQ ISP 2

Branch have two Tunnel interface, each using one ISP link to establish tunnel to HQ ISP as above mentioned. But in here, the problem is, HQ router not directly connected to internet link as branch. So those tunnel destination IP in branch router configured is belongs to Load Balancer (not HQ router WAN IP). If let say i forward those IP from Load Balancer to HQ router (GRE), will the tunnel get established?  Is it must the internet link connected to router and the IP is belongs to the router itself?

Regards, Nagis
3 REPLIES
Hall of Fame Super Silver

2 GRE Tunnel in same router with 2 ISP

If you want the tunnel to terminate on the HQ router then the tunnel destination must be an address of the HQ router.

HTH

Rick

Re: 2 GRE Tunnel in same router with 2 ISP

Load balancer between gre tunnels and IPSec is a problem and will cause issues and complexity to you

Sent from Cisco Technical Support iPhone App

New Member

2 GRE Tunnel in same router with 2 ISP

HI all,

I want to policy route between two GRE Tunnel , not between GRE and IPSec ... Meaning to say 2 GRE Tunnel from Branch to HQ. Since I have multiple Branch with Dynamic IP, i planned to use DMVPN. Branch will have 2 two tunnel , each pointing destination IP to different HQ WAN link IP. But in HQ router , it would need to specify source IP , where its must match the destination IP which confgured in branch router.  The problem is, those source IP in HQ is not belongs to router. Its at HQ Load Balancer. Can I jus port forward (GRE) from LB to router ? is this would work? when I configured source IP which not belongs to HQ router, the router didnt give any error msg saying it must belongs to router IP.

Regards, Nagis
1726
Views
0
Helpful
3
Replies