Yes, as long as it is 2 different routers at the Headquarters site it is quite possible for the spoke site to configure 2 IPSec/GRE tunnels running EIGRP or OSPF and to use one as primary and the other as a failover. I have configured this for a customer and it is working well.
This config looks pretty good. I have a couple of comments about it:
- the default bandwidth of a GRE tunnel is quite low. this has potential to impact EIGRP. so I generally specify a bandwidth for the GRE tunnel.
- you specify 2 transform sets, but they specify the same transforms. so you only need a single transform set. the same set can be used for both peers.
- this configuration will run EIGRP over both tunnels and will treat them as equal cost paths and will load share (which is not necessarily a bad thing). But your original message described wanting to have a primary and a backup. To achieve this configure an offset list under EIGRP and add something to prefixes advertised over one of the tunnels to make it the backup tunnel (you can either do offset list in and out on the spoke or do offset list in (or out) on both the spoke and the head end routers.
What you need for the Headquarters head end router would be quite similar:
- a single isakmp policy
- a single isakmp key per remote site
- a transform set
- a crypto map instance per remote site
- a GRE tunnel per remote site
- an access list per remote site
- a single crypto map assigned to the interface
- make sure that the tunnel address matches a network statement under EIGRP
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...