Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

IP sec

  We had one Branch office and one head office.


Each location we had 2 Routers(Primary and secondary) configured with EIGRP. Recently we implemented IPsec   for the traffic.


EIGRP route will take place in primary only. if i configured variance command  and if i did the load balancing.. Will traffice will go via IPsec. because IPsec was active on primary router only. If primary link goes then only IPSec was becaming active in Secondary router in this situation.. how traffice will go.


question 1.

 will load balance will work.  to reach the network we have route via 2 ways so if traffice go via EIGRP then it will work with out disturbance


question 2

But IP sec was active in primary only so traffic on primary router will encrypt and secondary will go with out encryption is possible? i am not sure about it


question 3


If IP sec was down then i am not able to reach the Branch office eventhough WAN Link is Up and route was there in EIGRP. so if IPsec configured we can reach branch office only IPsec was Up. then how load balance will work because secondary router it was showing down so  branch office will be not reachable eventhough route was there.. 


           Please clarify i am not sure wheather i am  conveyed my doubt clearly.




Hall of Fame Super Silver

While a little of your

While a little of your situation is clear there is much in your question that is not clear. It is clear that there are two sites and that each site has a primary router and a secondary router. It is clear that you implemented IPSec on the primary router but it is not clear whether IPSec is also implemented on the secondary router (I am assuming that it is not but it is not clear to me).


It is clear that EIGRP is running on the primary router and not clear whether EIGRP is also on the secondary router. It is also not clear whether EIGRP is running through IPSec on the primary router (goes over the WAN) or whether it is running only locally. You talk about variance and load balancing but it is not clear whether that has actually been done and whether there are actually two routes in the routing table for some destinations which would be necessary for load balancing.


I do not have enough information to answer questions 1 and 3. The answer to question 2 seems clear. If primary router has enabled IPSec and secondary router has not enabled IPSec then traffic going out primary router should be encrypted and traffic going out secondary router will go in the clear.





EIGRP was configured on both

EIGRP was configured on both routers and IPsec also configured both router.. IPsec was configured WAN  Peer IP of Branch is configured in head office and vice versa..  There is connection between Primary and Secondary router... Right now only one route was installed if we change variance then have chance to install 2 route.. 1 Route go via WAN directly other route go via Secondary and reach the WAN.. Sample rough diagram attached.

CreatePlease login to create content