[c-nsp] Changing the default EIGRP admin distance

Christopher J. Wargaski wargo1 at gmail.com
Wed Jan 26 13:08:59 EST 2011


Hello--

   We are implementing IPsec LAN to LAN tunnels with routers. There are two
main hubs (Chicago and Rosemont) and many remote offices; Chicago is the
default hub and Rosemont is the secondary. If the Chicago hub router dies or
the Chicago Internet circuit fails, the VPN tunnel will come up on the
Rosemont hub router.

Remote office (This IP is 1.2.3.4):
crypto map L2L-map 1 ipsec-isakmp
 description LAN to LAN tunnel for Chicgao & Rosemont (backup)
 set peer 3.4.5.6 default
 set peer 6.7.8.9
 match address Chicago-VPN
 ...

   On the Chicago and Rosemont routers, I am using reverse route injection
on the crypto map to insert the remote network's route into EIGRP when the
tunnel comes up as such:

Default hub peer (This IP is 3.4.5.6):
crypto map L2L-map 1 ipsec-isakmp
 description Test remote office
 set peer 1.2.3.4
 match address CJW-VPN
 reverse-route
 ...

   To avoid problems, I would like the route injected by the Rosemont router
to have a higher administrative distance than the route injected by the
Chicago router. On the 15.1(2)T2 IOS version, there is not an option to set
the administrative distance on the reverse route injection. Must I set the
administrative distance for the entire EIGRP AS, or is there a better way to
make these backup routes have a higher cost than that on the primary router?



cjw


More information about the cisco-nsp mailing list