Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
383
Views
0
Helpful
2
Replies

IP sec

Dinesh Kumar Mariappan
Level 1
Level 1

‎10-29-2014 06:10 AM - edited ‎03-05-2019 12:03 AM

  We had one Branch office and one head office.

 

Each location we had 2 Routers(Primary and secondary) configured with EIGRP. Recently we implemented IPsec   for the traffic.

 

EIGRP route will take place in primary only. if i configured variance command  and if i did the load balancing.. Will traffice will go via IPsec. because IPsec was active on primary router only. If primary link goes then only IPSec was becaming active in Secondary router in this situation.. how traffice will go.

 

question 1.

 will load balance will work.  to reach the network we have route via 2 ways so if traffice go via EIGRP then it will work with out disturbance

 

question 2

But IP sec was active in primary only so traffic on primary router will encrypt and secondary will go with out encryption is possible? i am not sure about it

 

question 3

 

If IP sec was down then i am not able to reach the Branch office eventhough WAN Link is Up and route was there in EIGRP. so if IPsec configured we can reach branch office only IPsec was Up. then how load balance will work because secondary router it was showing down so  branch office will be not reachable eventhough route was there.. 

 

           Please clarify i am not sure wheather i am  conveyed my doubt clearly.

 

             

 

Labels:
0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎10-29-2014 08:04 AM

While a little of your situation is clear there is much in your question that is not clear. It is clear that there are two sites and that each site has a primary router and a secondary router. It is clear that you implemented IPSec on the primary router but it is not clear whether IPSec is also implemented on the secondary router (I am assuming that it is not but it is not clear to me).

 

It is clear that EIGRP is running on the primary router and not clear whether EIGRP is also on the secondary router. It is also not clear whether EIGRP is running through IPSec on the primary router (goes over the WAN) or whether it is running only locally. You talk about variance and load balancing but it is not clear whether that has actually been done and whether there are actually two routes in the routing table for some destinations which would be necessary for load balancing.

 

I do not have enough information to answer questions 1 and 3. The answer to question 2 seems clear. If primary router has enabled IPSec and secondary router has not enabled IPSec then traffic going out primary router should be encrypted and traffic going out secondary router will go in the clear.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Dinesh Kumar Mariappan
Level 1
Level 1
In response to Richard Burts

‎10-29-2014 08:36 AM

EIGRP was configured on both routers and IPsec also configured both router.. IPsec was configured WAN  Peer IP of Branch is configured in head office and vice versa..  There is connection between Primary and Secondary router... Right now only one route was installed if we change variance then have chance to install 2 route.. 1 Route go via WAN directly other route go via Secondary and reach the WAN.. Sample rough diagram attached.

Preview file
15 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card