ticowarehouse
Technical User
Hello Experts,
I have read and read and read... so I appreciate any help. I would like to configure outbound VPN with 2 ISPs since a new HWIC was installed on my 1841.
BGP is not an option because the internet links don't talk to each other.
I understand that this can be accomplished with ip sla and object tracking, but I don't know if I need some tweaking with the VPN traffic so that it can failover or if this config will actually work.
Would like your input as it is on a live environment and I can't test on a lab.
My requirements are as follows:
1- I only need 1 host computer (172.16.4.20) to exit thru the second (Antena_NEW_Gateway) interface FA0/1/0 via VPN with gateway 192.168.51.1 and to failover to the "original" default gateway (Rest network is using) in case it fails.
2- All my other VPN network traffic remains the same exiting thru my original default gateway (190.11.1.1)
Interfaces are as follows:
interface FastEthernet0/0
 description OUTSIDE
 ip address dhcp client-id FastEthernet0/0
 crypto map 3desmap
!
interface FastEthernet0/1
 description inside
 ip address 172.16.4.60 255.255.255.0
!
interface FastEthernet0/1/0
 description ANTENA_NEW_Gateway
 ip address 192.168.51.2 255.255.255.0
 crypto map acts1
 ip policy route-map acts
Please let me know if I'm missing something. I created a different crypto map for the 2nd interface, I'm using the same transform-set and interesting traffic acl from before.
interface FastEthernet0/1/0
 description ANTENA_NEW_Gateway
 ip address 192.168.51.2 255.255.255.0
 crypto map acts1
 ip policy route-map acts
ip route 0.0.0.0 0.0.0.0 190.11.1.1
ip route host 172.16.4.20 192.168.51.1 track 123
ip route host 172.16.4.20 190.11.1.1 254
ip sla 1
 icmp-echo 192.168.51.1
  timeout 1000
  threshold 2
  frequency 3
ip sla schedule 1 life forever start-time now
track 123 rtr 1 reachability
access-list 101 permit icmp any host 192.168.51.1 echo
route-map acts permit 10
Router(config-route-map)# match ip address 101
Router(config-route-map)# set interface FastEthernet0/1/0 Null 0
Router(config-route-map)# exit
If anyone can guide me in the right direction I'll appreciate it.
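
Added example, not part of the original post and not the poster's configuration: one way to tie the IP SLA probe to policy routing for the single host 172.16.4.20. It assumes the route-map is applied on the inside interface, uses a hypothetical ACL number 102, and leaves the crypto maps and VPN peer settings exactly as posted.

```cisco
! Added example; ACL 102 is a hypothetical number, other values are from the post.
! Probe the second gateway every 3 s with a 1 s timeout.
ip sla 1
 icmp-echo 192.168.51.1 source-interface FastEthernet0/1/0
 timeout 1000
 threshold 1000
 frequency 3
ip sla schedule 1 life forever start-time now
!
! The track object follows the probe. Newer IOS releases spell this
! "track 123 ip sla 1 reachability".
track 123 rtr 1 reachability
 delay down 10 up 30
!
! Match traffic sourced by the one host that should use the second link.
access-list 102 permit ip host 172.16.4.20 any
!
! Use 192.168.51.1 only while track 123 is up. When it is down the set
! clause is skipped and the packet follows the routing table, that is,
! the default route via 190.11.1.1.
route-map acts permit 10
 match ip address 102
 set ip next-hop verify-availability 192.168.51.1 1 track 123
!
! Policy routing is evaluated where packets enter the router, so the
! route-map goes on the inside interface.
interface FastEthernet0/1
 ip policy route-map acts
!
! After failover the host's traffic leaves FastEthernet0/0; it is
! encrypted there only if the crypto ACL of map 3desmap matches it.
!
! Verification (exec mode):
!   show ip sla statistics 1
!   show track 123
!   show route-map acts
```

The probe only confirms that 192.168.51.1 answers; it does not test the path beyond that gateway or the state of the VPN tunnel.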