Cisco Support Community


Good Day All,

We are configuring redundancy in this WAN setup as shown in the diagram.

We have two routers called PRI and SEC. Currently all the ISPs are connected to PRI and we have WAN services to clients running smoothly.

To have redundancy we bought a new router and named it SEC. On this router as well we have connectivity with the ISPs shown in the diagram.


1. The connectivity between our PRI and the ISPs is a fiber link, and we are using subinterfaces for each client.

2. The client is connected to the ISP with either DSL (ATM) or Serial (Frame Relay), and the ISP is using L2 MPLS to provide connectivity between our PRI and the client router.

3. We have given each client a range of IP addresses, like 172.18.1.x/24 to one customer and 172.18.2.x/24 to another.

4. We are using an IPsec tunnel between our PRI router and a client router like CUST A; in this tunnel the matching traffic permitted is the IPs of the VPN and the IPs which we have given to each customer.

5. We are using static routes at both sides, from the customer and our PRI router.

The configuration for one of the customer connectivity has been attached.

Now, to have redundancy, if one of the ISP links fails, the customer should be able to access the VPN services from the other redundant link provided by the same ISP, which is connected to the SEC router.

We have laid out 2 options and need your suggestions on whether they are OK or whether we need to change something else.

Option 1: Have a dynamic redundancy protocol on both the PRI and SEC routers and redistribute the static routes and the connected ones. Use HSRP on both routers, PRI and SEC, and track the ISP links; if one fails, the VPN will send the traffic for that particular through the secondary link.

Option 2: Use a dynamic routing protocol on both the PRI and SEC routers, and the VPN as well, so that there is no need for HSRP to track the interfaces.

If you have any suggestions, please provide them to us.

We are also looking to have a dynamic routing protocol used on the client side as well, to shift over in case one of the links fails.

Thanks for all your kind supporting nature.
