Tunnel Monitor Query

Reply
Highlighted
L1 Bithead

Tunnel Monitor Query

I want to configure an IPSec VPN tunnel with redundant VPN peers primary peer "A" using tunnel1 and secondary peer "B" (if "A" goes down) using tunnel2.

 

I can configure failover using Tunnel Monitoring, but my question is "Why are routes to my VPN peer network installed in the routing table using tunnel1 (more preferred) over tunnel2?". I cannot see where we say tunnel1 is the primary, routes via tunnel2 should only be installed if tunnel1 goes down?

 

Note: I am not considering failover using static route monitoring at this time.

 

Highlighted
L7 Applicator

Re: Tunnel Monitor Query

if a vpn tunnel goes down the interface is not necessarily 'down', a monitoring profile set to 'failover' will bring it down

 

routes on an interface will stay in the routing table as long as the interface is up, when monitoring brings down the interfaces, the route will disappear and the next lowest metric will pick up the traffic (tunnel 2 with a higher metric)

reaper - PANgurus.com
I drink and I know things
Highlighted
Cyber Elite

Re: Tunnel Monitor Query

Hello,

I also use Policy Based Forwarding to prefer the primary endpoint so that if it goes down then the PBF no longer takes effect and the Virtual router takes over. I also put OSPF on both ends with metrics so there is no weird routing loops.

 

Hope that helps.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!