Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Configure WAN failover to IPSec

Status
Not open for further replies.
wabob

wabob

IS-IT--Management
Sep 21, 2004
128
US
Hello. I am looking into implementing a WAN backup solution for some remote sites. The primary WAN connection right now is over MPLS to the router's serial interface, my company wants to have a backup internet connection to connect to the router's second fastethernet interface. If the main MPLS link goes down, after a delay of 5 minutes or so, all traffic would be sent out over an IPSec tunnel to a headend router at HQ.

I have thought about a weighted default route on the remote router pointing to a tunnel interface at the headend (using GRE over IPSec). Can a second default route be added if it's weighted? How can I configure a 5 minute delay for failover?

Any ideas on how I should go about this?
 
Sort by date Sort by votes
Hello
A delay of 5 minutes is a long outage for a network.Why not just let the tunnel kick in when the MPLS link goes down.In any case you could start implementing the backup and we should be able to find a solution to let you have the 5 minute wait.I have seen cisco backup setups with the delay command,but can remember exact configuration steps,will have to look it up for you.
Regards
 
Upvote 0 Downvote
I would advise to set the SLA pinging to the HQ over the main link, and if the pings do not come back then switch over.

I have seen cases in which the link was up but not sending anything.
 
Upvote 0 Downvote
IP SLA works fine also as long as it is configured properly. Have you thought about running a routing protocol in agreement with your Serivce Provider such as OSPF on the inside and BGP on the SP backbone?? If you can do that then simply have the routing protocol dynamically re-route the traffic for you.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
I just used dynamic routing protocols for this; eBGP over the MPLS cloud (primary link), and EIGRP over a GRE-over-IPSec tunnel (backup link). It fails over and back properly. However, I still wish to have a five minute delay for connectivity to resume over to the primary link once it has been restored.

I tried the backup interface and backup delay commands on the serial interface, all they did was put the tunnel interface into a standby mode until failover. eBGP would resume immediately upon restoration of the primary link, and after the backup delay timer expired, the tunnel interface would go back to standby mode. In short, no effect on delaying the routing back to eBGP.

Any ideas?
 
Upvote 0 Downvote
do you have a particular reason for wanting the five minute delay in failover??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Management wants a delay in case the main link flaps or is being tested by the service provider. They are afraid this would cause the critical applications at the remote site to hose.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Luzbel
  • Locked
  • Question
Connecting HVAC controller to network
Replies
0
Views
139
Luzbel
Luzbel
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
195
madwok
madwok
PThomp3344
  • Locked
  • Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
166
bdk76
bdk76
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
142
BIS
BIS
DTGMI
  • Locked
  • Question
Moving from Juniper SRX-240 to Cisco ??
Replies
0
Views
110
DTGMI
DTGMI

Part and Inventory Search

Sponsor

Back
Top