
ip sla & vpn with more than 2 Routers

Hi Everyone,

The problem is below:

First, I have 2 Cisco routers with 2 links; the first link is primary and the second is a backup. I configured this classically by using ip sla (with icmp echo to verify the continuity of the link), then I created 2 VPNs, each one on one link, which means that traffic always uses a VPN between the two routers for the primary link and also for the backup link.

Now, I want to add another router and I want the same behavior between it and the first router.

Is it possible to connect the same interfaces on the first router (logically) to more than 2 routers and use ip sla with every link?

Is it possible to use VPN on every link here? How?

Image1.jpg

The config with only 2 routers is:

```
hostname Routeur_Siege
!
track 10 ip sla 1 reachability
 delay down 1 up 1
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp policy 5
 encr aes
 authentication pre-share
 group 2
crypto isakmp key vpnsttat address 3.3.3.3
crypto isakmp key Sttat*2012 address 4.4.4.4
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set STTAT-VPN esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 3.3.3.3
 set transform-set ESP-3DES-SHA
 match address VPN-ACL
crypto map VPN-SEC 40 ipsec-isakmp
 set peer 4.4.4.4
 set transform-set STTAT-VPN
 match address VPN-ACL
!
interface GigabitEthernet0/0
 description SDSL
 ip address 1.1.1.1 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 ip tcp adjust-mss 1300
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface GigabitEthernet0/1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1300
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1
!
interface Dialer1
 description Connection_Secondaire
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname ************
 ppp chap password 0 *************
 ppp pap sent-username *********** password 0 *********
 crypto map VPN-SEC
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source route-map MAP interface Dialer1 overload
ip nat inside source route-map MAP-2 interface GigabitEthernet0/0 overload
!
ip route 0.0.0.0 0.0.0.0 Gi0/0 track 10
ip route 0.0.0.0 0.0.0.0 Dialer1 20
!
ip access-list extended LAN-ADSL
 ......
ip access-list extended VPN-ACL
 .....
!
ip sla 1
 icmp-echo 3.3.3.3 source-interface GigabitEthernet0/0
 threshold 2000
 timeout 2000
 frequency 5
ip sla schedule 1 life forever start-time now
!
route-map MAP permit 10
 match ip address LAN-ADSL
 match interface Dialer1
route-map MAP-2 permit 10
 match ip address LAN-ADSL
 match interface GigabitEthernet0/0
```
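The posted pattern extended to one more remote router on the Routeur_Siege side, as an added example that is not part of the original post. The addresses 198.51.100.3 and 198.51.100.4, the LAN 192.168.3.0/24, the names VPN-ACL-2, SLA 2 and track 20, and the `<PSK-...>` keys are constructed placeholders; the new router is assumed to have a primary and a backup link of its own.

```cisco
! Added example. Constructed placeholders: 198.51.100.3 / 198.51.100.4 are
! the new router's primary / backup addresses, 192.168.3.0/24 is its LAN.
track 20 ip sla 2 reachability
 delay down 1 up 1
!
crypto isakmp key <PSK-PRIMARY> address 198.51.100.3
crypto isakmp key <PSK-BACKUP> address 198.51.100.4
!
! An interface accepts a single crypto map, so each new peer becomes a
! further sequence number in the existing map, with its own crypto ACL.
crypto map SDM_CMAP_1 2 ipsec-isakmp
 set peer 198.51.100.3
 set transform-set ESP-3DES-SHA
 match address VPN-ACL-2
crypto map VPN-SEC 50 ipsec-isakmp
 set peer 198.51.100.4
 set transform-set STTAT-VPN
 match address VPN-ACL-2
!
ip access-list extended VPN-ACL-2
 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
! Assumption: LAN-ADSL (elided in the post) denies this same traffic,
! so it is not NATed before the crypto map sees it.
!
! Second probe, tied to the new router's primary address.
ip sla 2
 icmp-echo 198.51.100.3 source-interface GigabitEthernet0/0
 threshold 2000
 timeout 2000
 frequency 5
ip sla schedule 2 life forever start-time now
!
! Pin the probe target to the primary link and the backup peer to the
! backup link, so neither follows whatever the default route currently is.
ip route 198.51.100.3 255.255.255.255 GigabitEthernet0/0
ip route 198.51.100.4 255.255.255.255 Dialer1
!
! Per-destination failover: traffic for the new LAN follows track 20,
! independently of track 10 and the default route.
ip route 192.168.3.0 255.255.255.0 GigabitEthernet0/0 track 20
ip route 192.168.3.0 255.255.255.0 Dialer1 20
```

Each additional remote router repeats this block with its own sequence numbers, crypto ACL, SLA number and track number.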
