[nsp] Cisco tunnel backup configuration

[Charlie Winckless]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<Problem statement snipped>

> At headquarters, I have a VPN 3000 which I would like
> to terminate the IPSEC GRE tunnel.  The company is
> running EIGRP as the routing protocol and I thought
> that I could configure the tunnel and let EIGRP handle
> failover.  However, I can't find that the Altiega/VPN
> 3000 supports EIGRP. Without the VPN 3000 supporting
> EIGRP, I'm not sure which would be the best way to
> handle failover.  
>  

You /could/ do higher AD static routes.

What I generally do in these situations is to deploy
an additional router (note that the VPN 3000 will not
terminate a GRE/IPSEC tunnel at all).

2600s (or even 1700s) work well for this on a small
scale, and let you have all the flexibility you need. 
I like the VPN3000, but mostly for remote user VPN.

(Note that I'd only use the 1700 in a very low traffic
enviroment, but it should scale to 'some' DSL type
tunnels)

> I was looking into running OSPF at the remote location
> and on the VPN concentrator.  Though, I would have to
> run EIGRP and OSPF on the core router at headquarters.
>  I have a cisco 2600 at the remote location and a
> heavily used 3600 core router at headquarters.  Does
> anyone have a similar configuration that wouldn't mind
> providing some advise?
> 
> Thanks,
> Jay
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPi2DEsrtF6HAen5cEQIHggCeOrq+P2VEFNOMP0aqtFbL04XpLLEAni/C
NRAWiUX2ya7lAjG0oqVupGqI
=lSnN
-----END PGP SIGNATURE-----
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/