From: David Mitchell (david.mitchell@centientnetworks.com)
Date: Thu Sep 21 2006 - 16:33:14 ART
High Availability IPSEC might be what you are looking for. You can
search the DOC CD for information on it.
Basically you configure A & B with HSRP on the outside interface, and
either router is capable of initiating the tunnel to router C. The
destination route as defined by your crypto ACL is then injected into
the local routing protocol using Reverse Route Injection.
- Dave
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Niedens, Travis
Sent: Thursday, September 21, 2006 2:03 PM
To: ccielab@groupstudy.com
Subject: VPN backup route question
I am trying out a scenario that I don't think is possible to solve but I
was wondering if I could get someone in the group to look this over.
I have a lab with 3 routers. Routers A and B act as VPN remote routers
to router C. There is connectivity between routers A and B via a switch.
Both A and B have an IPSEC tunnel to router C to reach a network behind
router C. I would like to set it up so that if router A loses the tunnel
but still has connectivity to router B that it can re-route traffic to
router B so the traffic still flows to router C. I know you can do this
with OSPF over GRE/IPSEC however I don't want to do it this way. Don't
floating static routes get ignored in the decision making process for
routing VPN traffic?
Thanks,
Travis
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART