Posting up as plaintext for better readability
jmsam-argentina01#show run
Building configuration...
Current configuration : 8685 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname jmsam-argentina01
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 [snip]
enable password barlow1
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
!
!
aaa session-id common
clock timezone EST -5
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 1:00
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
no ip domain lookup
ip domain name yourdomain.com
ip host JM_MW_MGMT 192.168.151.191
ip name-server 198.6.100.25
ip name-server 198.6.100.38
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
username carlton secret 5 [snip]
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.252.0.161 255.255.255.252
!
interface Loopback1
description MPLS Failover Loopback
ip address 10.250.5.1 255.255.255.255
!
interface Tunnel0
no ip address
!
interface Tunnel101
description Tunnel to JMSAM-Brasil01
bandwidth 1536
ip address 10.252.3.6 255.255.255.252
ip hello-interval eigrp 65100 10
ip hold-time eigrp 65100 180
ip tcp adjust-mss 1340
no ip mroute-cache
delay 70000
tunnel source xx.xx.xx.xx.
tunnel destination 200.178.56.238
crypto map JMAT-VPN
!
interface Tunnel102
description Tunnel to jmeu-london-colo02
bandwidth 1536
ip address 10.9.249.158 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip hello-interval eigrp 65100 10
ip hold-time eigrp 65100 180
ip virtual-reassembly
ip tcp adjust-mss 1340
ip summary-address eigrp 65100 0.0.0.0 0.0.0.0 5
no ip mroute-cache
delay 70000
keepalive 4 6
tunnel source xx.xx.xx.xx
tunnel destination xx.xx.xx.xx
crypto map JMAT-VPN
!
interface Tunnel200
description Tunnel to jmna-wayne01
bandwidth 1536
ip address 10.252.0.165 255.255.255.252
ip mtu 1380
ip flow ingress
ip hello-interval eigrp 65100 10
ip hold-time eigrp 65100 180
ip summary-address eigrp 65100 0.0.0.0 0.0.0.0 5
qos pre-classify
keepalive 4 6
tunnel source xx.xx.xx.xx
tunnel destination x.xx.xx.xx
crypto map JMAT-VPN
!
interface Tunnel201
description Trigger tunnel to Wayne01
backup interface Tunnel200
ip address 10.252.3.162 255.255.255.252
keepalive 5 3
tunnel source Loopback1
tunnel destination 10.252.0.177
!
interface FastEthernet0/0
description Inside Interface to ASA firewall
ip address 192.168.191.35 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
standby 2 ip 192.168.191.33
standby 2 priority 110
standby 2 preempt
no mop enabled
!
interface FastEthernet0/1
description Interface to ISP
ip address xx.xx.xx.xx 255.255.255.248
ip access-group ALLOWED-TRAFFIC-FROM-INTERNET-FASTETHERNET0/1 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
crypto map JMAT-VPN
!
interface Dialer1
no ip address
!
router eigrp 65100
redistribute static metric 1500 1000 255 1 1500 route-map static-to-eigrp
network 10.0.0.0
network 192.168.191.32 0.0.0.31
no auto-summary
no eigrp log-neighbor-changes
!
no ip http server
no ip http secure-server
!
ip flow-cache timeout active 1
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 192.168.151.176 2055
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip tacacs source-interface Loopback1
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 10 permit 58.84.235.133
access-list 10 permit 81.136.214.30
access-list 10 permit 121.98.128.38
access-list 10 remark VTY ACCESS
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 permit 202.37.48.0 0.0.3.255
access-list 11 remark TELNET-BLOCK
access-list 11 deny any log
access-list 16 remark connected-networks
access-list 16 permit 192.168.170.0 0.0.0.255
access-list 17 permit 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
route-map rip-to-eigrp permit 10
match ip address 17
!
route-map static-to-eigrp permit 10
match tag 222
!
route-map connected permit 10
match ip address 16
!
!
snmp-server community public RO
snmp-server community jm RO
snmp-server community JM RO
snmp-server community JMGCABNS RW
snmp-server enable traps tty
snmp-server host 192.168.151.154 [snip]
tacacs-server host 192.168.1.222
tacacs-server directed-request
tacacs-server key [snip]
!
control-plane
!
!
!
!
mgcp fax t38 ecm
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password barlow1
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end
jmsam-argentina01#show ip int brie
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.191.35 YES NVRAM up up
FastEthernet0/1 200.26.114.178 YES NVRAM up up
NVI0 192.168.191.35 YES unset up up
SSLVPN-VIF0 unassigned NO unset up up
Dialer1 unassigned YES NVRAM up up
Loopback0 10.252.0.161 YES NVRAM up up
Loopback1 10.250.5.1 YES NVRAM up up
Tunnel0 unassigned YES NVRAM up down
Tunnel101 10.252.3.6 YES NVRAM up up
Tunnel102 10.9.249.158 YES NVRAM up up
Tunnel200 10.252.0.165 YES NVRAM up up
Tunnel201 10.252.3.162 YES NVRAM up down
jmsam-argentina01#
So if I got this right, Tunnel 201 should be the primary / in use; if it goes down, Tunnel 200 should go active?
If so, I think the clue's right in your "sh ip int bri" output
Tunnel200 10.252.0.165 YES NVRAM up up
Tunnel201 10.252.3.162 YES NVRAM up down
Read here -- "The router must detect that the primary interface line protocol is down for it to activate the backup link."
I haven't done "backup interfaces" since my CCNA lab days... I'm wondering if IP-SLA and OER isn't a better way to do this...
My 00000010bits
Regards