Cisco Support Community
New Member

OSPF with Multiple IPSEC Tunnels and redundant routers.

I have an issue in our environment at the moment with our OSPF setup.

We have 2 edge routers with GRE over IPSec tunnels out to several remote sites. These routers are connected via our core router.

Each of the remote sites has 2 tunnels configured, 1 to each of the edge routers.

I've noticed an issue where, when the tunnel connection fails on one of the routers, OSPF does not reroute via the other router.

What appears to happen is that Router A learns that the remote network is adjacent to one of its local subnets (the tunnel interface) and therefore advertises that it can reach the subnet. This prevents routing from working. From Edge router B you can access the remote network but from the Core the advertised route from Router A takes precedence.

The tunnels and remote site are in a different OSPF area from the core.

The only way to resolve this is to shut down the relevant Tunnel interface on router A; then everything starts to work again.

If anyone has any ideas I'd love to hear them.

Thanks and regards

Bruce

3 REPLIES
Hall of Fame Super Silver

Re: OSPF with Multiple IPSEC Tunnels and redundant routers.

Bruce

I have read your description and looked at your diagram and am still not sure what is going on. When you describe that the tunnels and remote site are in a different OSPF area than the core it makes me wonder whether the edge routers are doing any kind of summarization of routes to the core?

Perhaps if you could post relevant parts of the edge router configs and the core config we might be able to supply better answers.

HTH

Rick

Hall of Fame Super Gold

Re: OSPF with Multiple IPSEC Tunnels and redundant routers.

I've implemented a lot of this and I've never seen this behaviour before. Can you post your config, as Rick mentioned? What IOS and feature set are you using?

New Member

Re: OSPF with Multiple IPSEC Tunnels and redundant routers.

Turns out the solution was pretty simple. Keepalives were not set on the tunnel interfaces so they would stay up even when unable to connect.

Turning on keepalives means the router with the disconnected tunnel does not try to route through its local network to the adjacent network.

Thanks for the replies though.

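The fix reported in the last reply can be checked across a fleet of edge routers before a tunnel fails. The following is an added example, not part of the original thread: a small Python audit that reads IOS-style running-config text and lists active Tunnel interfaces with no `keepalive` command. The sample config, interface numbers and addresses are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample running-config fragment (not taken from the thread).
SAMPLE_CONFIG = """\
interface Tunnel10
 ip address 10.255.10.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.10
!
interface Tunnel20
 ip address 10.255.20.1 255.255.255.252
 keepalive 10 3
 tunnel destination 192.0.2.20
!
interface Tunnel30
 no keepalive
 shutdown
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any top-level line ends the stanza
    return interfaces

def tunnels_without_keepalive(config):
    """Active Tunnel interfaces with no 'keepalive' command configured."""
    return [name for name, body in parse_interfaces(config).items()
            if name.lower().startswith("tunnel")
            and "shutdown" not in body  # admin-down tunnels attract no traffic
            and not any(cmd.startswith("keepalive") for cmd in body)]

if __name__ == "__main__":
    for name in tunnels_without_keepalive(SAMPLE_CONFIG):
        print(f"{name}: no keepalive, interface can stay up with the far end unreachable")
```

Each interface it reports is one where the connected tunnel subnet can keep being advertised into OSPF after the remote end stops responding, which is the condition described in the original post.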