Cisco → Re: [HELP] BGP Failover to IPSEC

The MPLS is a full mesh, but if I lose my connection at site one, sites 2 and 3 can continue to talk, but site 1 would be completely offline. That's why I wanted to use the IPSEC as a failover.

I myself prefer EIGRP, very simple. How can I amke the VPN route cost more for failover?

Would it be as simple as saying in the config:

ip route 192.168.2.0 255.255.255.0 192.168.11.1 255.255.255.0 200

and let EIGRP handle the MPLS?

On EIGRP configuration, you should be able to set higher metrics or costs on Tunnel interfaces than the MPPP interface. This way your EIGRP would prefer MPPP over the GRE tunnel.

The following link shows two devices as the VPN peer. The two PIX provide IPSec tunnel. The two routers provide GRE tunnel which will ride over the IPSec tunnel. The same routers also pass dynamic routing (OSPF) to provide site-to-site IP routing.

Note that your routers run Advance IP Services which may only support GRE tunnel creation. When it is the case, you will then use the ASA to provide the IPSec tunnel. The sample configuration would apply to this situation.

Routers run OSPF and GRE, PIX-es provide IPSec
»www.cisco.com/en/US/tech ··· f6.shtml

When all routers IOS image version are something like Enterprise that support both GRE and IPSec tunnel creations, then you could have DMVPN setup as follow

DMVPN supporting RIP, OSPF, or EIGRP
»www.cisco.com/en/US/tech ··· 3e.shtml