Use more specific routes on the ASA to force the DMVPN traffic to the first router with SLA tracking and higher AD routes pointing to your ISP2 router.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of ccie_at_halawlaw.com
Sent: Monday, March 08, 2010 3:19 AM
To: ccielab_at_groupstudy.com
Subject: EIGRP Problem
Hi Group,
I am facing some routing problems with the EIGRP neighbors over the tunnel
interface of a DMVPN network with static load balancing.
Below is the topology
Hub:
--- ASA -------------- Router 1 ------- ISP1
        -------------- Router 2 ------- ISP2
Branch:
ASA ----------- Router ------ ISP3
I have configured basic DMVPN with no problems at first (BTW the
destination tunnel IP for the branches is the secondary IP of the outside
interface of router 1 only) with EIGRP running on the ASAs and Routers.
Now we want to allow the Hub users to access the internet so we added a
default route on the ASA to point to the HSRP IP of the routers (router 1
being the active router with preempts enabled).
Up to this point everything was working fine, until we were asked to implement load
balancing for the users to access the internet using both ISPs at the same
time.
So we added a new default route on the first router that points to the
Router 2 inside interface. With SLA tracking in place, static load
balancing is working like a charm. However, we later noticed that some of
our EIGRP tunnel neighbors are going up and down (Q count not being zero).
To solve this problem, we can either remove the new default route or add a
static route on router 1 to route the real IP of the branch router through
ISP1. The first solution is out of the question since we will lose the load
balancing we implemented for internet access and the second solution is not
possible since we don't have static real IP assigned in our branches.
Please note that we can reach our branches from both ISPs and that we
don't need to have load balancing for the VPN tunnel so I am ok if we can
configure the router with policy-based routing to route my VPN traffic
through the first ISP only. Please note that I tested the PBR solution and
the EIGRP neighbors kept on flapping.
I would really appreciate it if someone could explain in detail how the EIGRP
neighbor relationship is being established in my scenario. I mean what
source and destination IP address is used to send hello packets and how
EIGRP proceeds until the neighbors converge (K values check...)
Thanks for your help,
Regards
-Ahmad
Received on Mon Mar 08 2010 - 13:42:30 ART