Floating static routes for VPN backup connectivity
I have a central location and four remote locations with a router at each location. I will have private leased lines for main WAN connectivity. I will also be using IPsec over GRE for VPN backups from each location to the central location over the public IP cloud. My plan is to configure EIGRP on each of the routers as well as "floating static routes" for the GRE tunnels.
My questions are:
1. Will this work to ensure that the VPNs are only used in the event that the main WAN connectivity goes down and that the VPNs are not used when the main WAN connectivity comes back up?
2. If the floating routes are configured for the GRE tunnels, will this prevent the EIGRP protocol from using the GRE tunnels as part of its topology?
3. Should this be the other way around (meaning should I configure static routes for the main WAN links and EIGRP for the GRE tunnels?)
4. If I do configure it as mentioned in question 3, won't the static routes have to be manually re-added to the table when the WAN links come back up (as opposed to GRE tunnels which are always considered up so the static routes would never be removed from the table)?
The idea is to get the VPN backups to work transparently without any manual adjustments to the router config. Any thoughts would be greatly appreciated. Thank you.
Re: Floating static routes for VPN backup connectivity
Your floating routing should work and to avoid EIGRP from being active on the GRE tunnel, do not include the IP address of the tunnel under the EIGRP process and for double protection make sure to mark this interface as passive (i.e. passive-interface tunnel x) under the EIGRP process.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...