I am trying to configure an auto-failover of a location with a primary MPLS circuit/router, with a second cisco router with an IPSec tunnel. The backup router is up, the tunnel is up, but I've refrained from having a LAN connection made to this point so as not to incur a routing loop of any kind. As expected, I want to the backup connection/router to "take over" when the primary MPLS circuit drops. Any suggestions?
What routing protocols are you using? Typically MPLS providers support BGP. if this is the case I would peer EIGRP with your Asa and inject a default route. You can then inject all private routes plus a default over your MPLS cloud via bgp. I would then redistribute bgp to EIGRP on your MPLS gateway router and use the bgp backdoor 0.0.0.0 command. The ASA and mpls router should peer eigrp. This will lower the administrative distance to 190 from the ebgp learned default route on the MPLS
That way under normal conditions you will have a default route to your ASA and all private routes to your MPLS router. If the asa goes down the default route with 190 via bgp will be injected to the routing table. And everything will flow over the MPLS. If the MPLS goes down you will simply have a default route to your ASA and no private routes. If you build a IPSEC tunnel for backup, interesting traffic will hit the ASA and establish a VPN to the head end office. So long as it is configured properly.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...