DMVPN Dial Backup

Hi,
I need to configure a DMVPN with Dial Backup, my intention is when to fall interface ADSL, my router 837 make a call to local ISP by Console port and close the DMVPN in this interface, that is possible???..Somebody has some configuration as example? Thanks.

I've been reviewing that document over and over, but it only appears to work properly with static IPs, and I will need to use DHCP. There was another document talking about RSR with DHCP, but I still couldn't get it to work properly. Here's why...
My default route is the hubs tunnel address. Then I have a /32 route for the public-facing IP of the hub, via DHCP.
The above-mentioned document doesn't function this way, because they assume that your default route is placed by DHCP. Additionally, I can't seem to find a way to work without my default route pointing the the hub tunnel address.

Similar Messages

Dial Backup method to use on an 1811 ISR

I am confused as to the methods available to implement Dial Backup on an 1811 ISR.
My router's WAN is connected to a cable modem via FA0.
In reading the 1811 software configuration guide (chapter 13, page 13-5), I have viewed a table listing "Dial Backup Feature Limitations".
I do not know how to interpret this table.
Is it telling me that Dial Backup on an 1811 is not possible using my "Normal IP cable modem senario"?
Any insight into this issue is gratefully appreciated.
regards

Before delving into technicalities.
Where would you dial backup to ?
Do you have the needed experience or certification to configure Cisco routers ?

Need help on dial backup with ISP

I've been googling around a couple hours and can't find a simple configuration for dial backup to an Internet Service Provider.
So far, what I've been able to find is direct dialing to routers and dial backup using ISDN.
All I need is for a router to dial. The ISP uses PAP/CHAP authentication and dynamically assigns IP addresses to dialup accounts.
I have an 1841 router with a T1 line on S0/0/0. I want it to fail over to the modem on the AUX port and use that as the new default gateway for all traffic.
Any help is appreciated.

I think you can use Dial on Demand Routing (DDR) as described here:
http://www.cisco.com/en/US/tech/tk801/tk133/tsd_technology_support_protocol_home.html
and this particular guide as well:
http://docwiki.cisco.com/wiki/Internetwork_Design_Guide_--_Designing_DDR_Internetworks#Dial_Backup_for_Leased_Lines
Basically your dial connection will not be active until certain traffic will pass through.
Now, to pass traffic only when primary is down, you can define a static floating route as explained above, which is a route with a higher admin distance than the default one, so if the normal route is up, nothing will pass to the dialer, if it's down, the route to the dialer will be used.
To detect that primary route is down, either use dynamic routing or route tracking as suggested.
I hope that helps.
Regards,
bastien.

Dial-backup - business hours limit

Hi everybody,
I´m working in a lab that includes dial-backup for a VSAT link (satellite link). This part of the lab is working excelent, dial-backup goes up when the VSAT connection is lost, and goes down when the VSAT link is recovered.
So, all is ok but... I need to grant dial-backup access only in business hours (ex: 9 am to 5 pm) and deny these the rest of the day.
I worked with time range + access list + dial-list but it didn´t work for me. I was following the steps of this link: http://www.cisco.com/en/US/tech/tk801/tk133/technologies_configuration_example09186a0080094089.shtml.
Is there other way to do this or other idea?
Regards.

Todd,
Sorry for the delay but i was on vacation. At below you´ll find the configuration, specifically highlighted in red the configuration regarding to block dial-in connections. This configuration intends to permit the dial-in connections only on business hours. I know that just is blocking IP traffic but I did not find a way to block PPP or other protocol in a low level.
Could you help me?
Thanks in advance.
Current configuration : 18107 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname central
boot-start-marker
boot-end-marker
logging message-counter syslog
no logging buffered
no logging console
enable password CVMSLoA
aaa new-model
aaa authentication ppp default local
aaa authorization exec dafault local
aaa session-id common
memory-size iomem 30
dot11 syslog
ip source-route
ip cef
ip domain name test_dbkp
no ipv6 cef
multilink bundle-name authenticated
PURPOSELY REMOVED
username alumine password 0 alumine
username senillosa password 0 senillosa
interface Loopback0
ip address 192.168.2.1 255.255.255.255
interface FastEthernet0/0
description to TELCO1
ip address 10.1.176.1 255.255.255.248
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
analysis-module monitoring
service-policy output CUSTOMER_QoS
interface FastEthernet0/1
description to TELCO2
ip address 10.1.176.9 255.255.255.248
duplex auto
speed auto
analysis-module monitoring
interface FastEthernet0/1/0
interface FastEthernet0/1/1
interface FastEthernet0/1/2
interface FastEthernet0/1/3
interface Integrated-Service-Engine1/0
ip unnumbered Vlan1
ip nbar protocol-discovery
service-module ip address 10.1.48.253 255.255.255.0
!Application: running
service-module ip default-gateway 10.1.48.1
no keepalive
interface Vlan1
ip address 10.1.48.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
no autostate
interface Async1
no ip address
encapsulation slip
async mode interactive
no peer default ip address
interface Async0/0/0
ip unnumbered Loopback0
encapsulation ppp
async dynamic address
async mode interactive
no peer default ip address
dialer-group 2
ppp authentication chap
routing dynamic
interface Async0/0/1
ip unnumbered Loopback0
encapsulation ppp
async dynamic address
async mode interactive
no peer default ip address
dialer-group 2
ppp authentication chap
routing dynamic
interface Async0/0/2
ip unnumbered Loopback0
encapsulation ppp
async dynamic address
async mode interactive
no peer default ip address
dialer-group 2
ppp authentication chap
routing dynamic
interface Async0/0/3
ip unnumbered Loopback0
encapsulation ppp
async dynamic address
async mode interactive
no peer default ip address
dialer-group 2
ppp authentication chap
routing dynamic
interface Async0/0/4
ip unnumbered Loopback0
encapsulation ppp
async dynamic address
async mode interactive
no peer default ip address
dialer-group 2
ppp authentication chap
routing dynamic
interface Async0/0/5
ip unnumbered Loopback0
encapsulation ppp
async dynamic address
async mode interactive
no peer default ip address
dialer-group 2
ppp authentication chap
routing dynamic
interface Async0/0/6
ip unnumbered Loopback0
encapsulation ppp
async dynamic address
async mode interactive
no peer default ip address
dialer-group 2
ppp authentication chap
routing dynamic
interface Async0/0/7
ip unnumbered Loopback0
encapsulation ppp
async dynamic address
async mode dedicated
no peer default ip address
dialer-group 2
ppp authentication chap
routing dynamic
router bgp 1
no synchronization
bgp log-neighbor-changes
network 10.1.48.0 mask 255.255.255.0
network 10.222.48.0 mask 255.255.255.0
network 192.168.2.1 mask 255.255.255.255
neighbor 10.1.176.25 remote-as 4
neighbor 10.1.176.25 ebgp-multihop 255
neighbor 10.1.176.33 remote-as 5
neighbor 10.1.176.33 ebgp-multihop 255
neighbor 10.1.176.41 remote-as 6
neighbor 10.1.176.41 ebgp-multihop 255
neighbor 10.1.176.49 remote-as 7
neighbor 10.1.176.49 ebgp-multihop 255
neighbor 10.1.176.57 remote-as 8
neighbor 10.1.176.57 ebgp-multihop 255
neighbor 10.1.176.65 remote-as 9
neighbor 10.1.176.65 ebgp-multihop 255
neighbor 10.1.176.73 remote-as 110
neighbor 10.1.176.73 ebgp-multihop 255
neighbor 10.1.176.81 remote-as 11
neighbor 10.1.176.81 ebgp-multihop 255
neighbor 10.1.176.89 remote-as 12
neighbor 10.1.176.89 ebgp-multihop 255
neighbor 10.1.176.97 remote-as 13
neighbor 10.1.176.97 ebgp-multihop 255
neighbor 10.1.176.105 remote-as 14
neighbor 10.1.176.105 ebgp-multihop 255
neighbor 10.1.176.113 remote-as 15
neighbor 10.1.176.113 ebgp-multihop 15
neighbor 10.1.176.121 remote-as 16
neighbor 10.1.176.121 ebgp-multihop 255
neighbor 10.1.176.129 remote-as 17
neighbor 10.1.176.129 ebgp-multihop 255
neighbor 10.1.176.137 remote-as 18
neighbor 10.1.176.137 ebgp-multihop 255
neighbor 10.1.176.145 remote-as 19
neighbor 10.1.176.145 ebgp-multihop 255
neighbor 10.1.176.153 remote-as 20
neighbor 10.1.176.153 ebgp-multihop 255
neighbor 10.1.176.161 remote-as 21
neighbor 10.1.176.161 ebgp-multihop 255
neighbor 10.1.176.169 remote-as 22
neighbor 10.1.176.169 ebgp-multihop 255
neighbor 10.1.176.177 remote-as 24
neighbor 10.1.176.177 ebgp-multihop 255
neighbor 10.1.176.185 remote-as 25
neighbor 10.1.176.185 ebgp-multihop 255
neighbor 10.1.176.193 remote-as 220
neighbor 10.1.176.193 ebgp-multihop 255
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.176.6
ip route 10.1.48.253 255.255.255.255 Integrated-Service-Engine1/0
ip route 10.1.176.0 255.255.255.0 10.1.176.2
ip route 10.1.176.24 255.255.255.248 10.1.176.10
ip route 10.1.176.40 255.255.255.248 10.1.176.10
ip route 10.1.176.64 255.255.255.248 10.1.176.10
ip route 10.1.176.72 255.255.255.248 10.1.176.10
ip route 10.1.176.88 255.255.255.248 10.1.48.16
ip route 10.1.176.152 255.255.255.248 10.1.176.10
ip route 10.1.176.200 255.255.255.248 10.1.48.16
ip route 10.1.176.208 255.255.255.240 10.1.48.16
ip route 10.1.176.248 255.255.255.248 10.1.176.10
ip route 10.2.48.0 255.255.255.0 10.1.176.2
ip route 10.3.48.0 255.255.255.0 10.1.176.2
PURPOSELY REMOVED
access-list 1 permit 192.168.150.199
access-list 1 permit 10.1.176.2
access-list 1 permit 10.1.176.6
access-list 1 permit 10.1.48.0 0.0.0.255
access-list 1 permit 10.222.48.0 0.0.0.255
access-list 101 permit ip any any time-range BUSINESS-HOURS
access-list 101 deny ip any any
dialer-list 2 protocol ip list 101
snmp-server community RTPE-T-2 RO
snmp-server community RTPE-R-2 RO
snmp-server community RTPE-W-2 RO
snmp-server location CCTE
snmp-server contact AREA C+T
snmp-server host 10.1.48.19 RTPE-T-2
snmp-server host 10.1.48.219 RTPE-T-2
control-plane
voice-port 0/2/0
voice-port 0/2/1
voice-port 0/2/2
voice-port 0/2/3
dial-peer voice 1 pots
preference 1
destination-pattern *1
port 0/2/0
dial-peer voice 2 pots
preference 2
destination-pattern *1
port 0/2/1
dial-peer voice 3 pots
preference 3
destination-pattern *1
port 0/2/2
dial-peer voice 4 pots
preference 4
destination-pattern *1
port 0/2/3
dial-peer voice 5 pots
preference 1
destination-pattern [5-7]...
port 0/2/0
forward-digits all
dial-peer voice 6 pots
preference 2
destination-pattern [5-7]...
port 0/2/1
forward-digits all
dial-peer voice 7 pots
preference 3
destination-pattern [5-7]...
port 0/2/2
forward-digits all
dial-peer voice 8 pots
preference 4
destination-pattern [5-7]...
port 0/2/3
forward-digits all
dial-peer voice 9 voip
destination-pattern 199
session protocol sipv2
session target ipv4:10.255.48.227
no vad
dial-peer voice 10 voip
destination-pattern 101
session protocol sipv2
session target ipv4:10.3.48.3
no vad
dial-peer voice 11 voip
destination-pattern 102
session protocol sipv2
session target ipv4:10.3.48.35
no vad
dial-peer voice 12 voip
destination-pattern 103
session protocol sipv2
session target ipv4:10.3.48.67
no vad
dial-peer voice 13 voip
destination-pattern 121
session protocol sipv2
session target ipv4:10.2.48.3
no vad
dial-peer voice 14 voip
destination-pattern 122
session protocol sipv2
session target ipv4:10.4.48.3
no vad
dial-peer voice 15 voip
destination-pattern 123
session protocol sipv2
session target ipv4:10.18.48.3
no vad
dial-peer voice 16 voip
destination-pattern 131
session protocol sipv2
session target ipv4:10.12.48.3
no vad
dial-peer voice 17 voip
destination-pattern 132
session protocol sipv2
session target ipv4:10.220.48.3
no vad
PURPOUSLY REMOVED
line con 0
line aux 0
stopbits 1
line 0/0/0 0/0/7
modem InOut
autoselect ppp
stopbits 1
speed 57600
flowcontrol hardware
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
access-class 1 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 1 in
privilege level 15
scheduler allocate 20000 1000
time-range BUSINESS-HOURS
periodic daily 09:00 to 17:00
end

Urgent--dial backup with a PPPOE configuration

Hi all. I have a pppoe for my DSL connection. I cannot get the dial backup to work while the dsl is working.

Hi,
I think there are few problems:
1. the backup interface command should be applied under the dialer interface
2. the dialer interface will never go down unless you shut it
Let' try to configure dialer watch (http://www.cisco.com/en/US/docs/ios/12_0/dial/configuration/guide/dcdbakdw.html) or may be enhanced object tracking (http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html).
Hope it helps, rate if does
Krisztian

AS5300 RAS and Dial Backup

We have an AS5300 that currently supports 5 RAS dial-in users. I would like to expand the use of the AS5300 to also be a dial backup solution for some of our remote branch routers. These routers will be using a mixture of ISDN (BRI) and Analog (Async wic-1am) for their dial back up. I also need to run EIGRP over the dial backup links to support the remote LAN failover.
I've compiled a proposed configuration that I think might work for this solution. My main question is how will the AS5300 be able to know which Async interface to use when a remote user needing interactive session dials in versus a remote router.
Please take a look at my proposed config and give me some feedback on if you think this will work. Thanks!!

One way I would do this is to define 5 additional Dialer interfaces for the 5 RAS dial-in users and bind them to int Group-Async 1 using dialer-pool 1.
The 5 new dialer interfaces will be configured for async mode interactive.

1750 dial backup with WIC-1ENET

Does anyone have dial backup working with a DSL or CAble link on the WIC-1ENET card as the wan link?
My dial backup doesn't automatically come up when using the WIC-1ENET card. It does work correctly when I use a serial connection as the WAN link such as the WIC-1T card.
Cisco stated something about the E0 interface not sensing the change which caused the dial backup not to come up without pulling the ethernet cable out of E0.
Any help would be greatly appreciated.
Thanks

Hi
Hope this helps...
You need to run object tracking feature to enable automatic fallback.
http://www.cisco.com/en/US/partner/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html
regds

Options: dial backup not using ISDN

This is my first post here. I hope I'm in the right place. I need to provide dial backup to one of our locations but it is too far to run an ISDN circuit to them. Mgt. says too expensive and wants a dial backup solution across a POTS line. The site was just upgraded to VOIP. We only need to allow data traffic.
We have a 2821 router running 12.4(3) version IOS. Not sure what the best option is here. Maybe another alternate way other than a modem and a POTS line. I am just looking for ideas if anyone has them. Thanks

Hello,
since cost is a concern, you could just use the AUX port (provided the device at the remote location has one) to configure a dial backup solution. This would still involve using a POTS line, but that is probably the cheapest way to get any sort of backup accomplished. Below is a configuration example. Regarding the voice traffic that should not traverse the backup connection, you would need to deny that traffic to trigger the backup, as well as to get across. In order to accomplish this, you would need to configure an access list that denies VoIP traffic, for Cisco, this would typically look like this:
access-list 101 deny tcp any any eq 1720
access-list 101 deny udp any any range 16384 32767
access-list permit ip any any
This access list then would need to be applied to the async interface (based on the configuration example given), as well as to the dialer list that triggers the backup:
interface Async65
ip access-group 101 out
dialer-list 1 protocol ip list 101
Configuring AUX-to-AUX Port Async Backup with Dialer Watch
http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a0080093d2b.shtml
HTH,
GP

Dial-backup in 1841 and 2801

Please, does anyone know if the AUX ports in 1841 and 2801 support dial-backup, for example, using PPP ?
Thanks,
Cleber

Hello,
TMBK they do. Check this document for configuration details:
Configuring AUX-to-AUX Port Async Backup with Dialer Watch
http://www.cisco.com/en/US/tech/tk801/tk36/technologies_configuration_example09186a0080093d2b.shtml
HTH,
GNT

Dual cloud dual hub single tier dmvpn with backup service provider

Hi,
I have a design issue with a WAN network. I have decided to use dual cloud dual hub single tier DMVPN topology (ref. to http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf - "Dynamic Multipoint VPN (DMVPN) Design Guide"). I have tested in lab 2 hubs and 3 spokes, applying the mentioned technology. Everything is OK, when the primary hub fails, there is only 1-3 seconds loss (3 pings).
The problem is that each spoke and hub will have 2 service providers for WAN - primary and backup. I am still wondering which design is better and more stable to implement - using more DMVPN clouds (for the backup service provider network) or creating static IPSEC GRE tunnels in the backup links?
Is there a guide for this case?
What is the best practice in this case?
Thanks in advance,
Mladen

Dynamic spoke-to-spoke requires your spoke routers to have mGRE tunnel interfaces. If you ever have a spoke which sources 2 tunnels from the same physical interface, you have a problem: how to resolve which tunnel is an incoming NHRP request for?
My DMVPN is a bit different in that the crypto is GETVPN on the physical interface. There is a crypto-map applied to the physical interface and it has 2 entries which correspond to the GETVPN crypto-groups for each tunnel.
I resolved this issue by making one of the 2 tunnels on each spoke router mGRE and the 2nd one point to point. the mGRE tunnel is preferred as primary (we use eBGP through the tunnel, so routes received through the mGRE tunnel are local-pref'd high and we AS path prepend routes advertised out the point-to-point tunnel)
I haven't gone back and tested what happens when you have a spoke which has 2 tunnels sourced from the same interface and another spoke with 2 tunnels sourced from the same interface or from 2 different physical interfaces. The concern is that you may get a situation where one router uses Tunnel 2 for dynamic spoke-to-spoke tunneling, and the other uses Tunnel1, and that the dynamic tunnel setup fails because the crypto map cannot properly decide which crypto group to use for the incoming traffic on the router where 2 tunnels use the same physical interface.

DMVPN WAN Backup Solution

Hi All,
I am in the midst of designing a backup solution for our Asia Pac MPLS/BGP wan. Before proceeding with the design and procurement etc I thought it best to confirm a few things. We will use dmvpn and I am planning to use a 7200 VXR at the headend though it might be a bit of an overkill. Has anyone used a smaller say 3800 series router as a dmvpn hub/headend plus what series of routers can be used as the headend that will ensure the successful operation of the dmvpn network? Would the other vpn technologies be a better alternative?

Hi,
I guess that depends how many spokes you have. I have used 3800 routers as hubs for 10 spokes for more than a year without having any performance problems.
Regards,
PH

876 Configuring dial backup

We are trying to configure a Cisco 876 router to dial out via the ISDN S/T port as the primary interface. If the primary interface is disconnected for whatever reason we would like the analogue/modem connection to automatic kick in as backup through the AUX interface. Currently both the the ISDN and modem connections dial at the same time which we don't want.
I have attached a tech-support file which contains our configuration and IOS version. Is it possible to configure this router to use the ISDN to be the main connection and the analogue service to only kick in when the ISDN goes down? Appreciate any assistance.

Normally it is done with route Administrative Distance and timeout.
There are two routes to the same destination, one with low AD (e.g. 110), which is preferred, and one with high AD, manually set to e.g. 250.
When route with the lower AD goes down, traffic starts to route over route with AD250, next hop of which is backup interface. When primary link comes back up, traffic is routed over the new link, and connection on backup link times out, since there are no packets flowing.
Hope this helps.

Branch office dial backup design

I'm having more trouble with this than I think I should.
I have 10 small branch offices connected to the home office via frame-relay -- it's purely hub-and-spoke, with no PVC's between branch offices, everything goes to the central office. I'm trying to set up a POTS dial scenario to replicate this. Each branch has a 26xx with a two-port serial card, two analog modems and two POTS lines. The central office has an ISDN PRI terminating in a 3725 with MICA modems.
I can get a branch router to dial on one or both lines (multilink ppp), and the 3725 receives the call. CHAP negotiation works. Where I'm having trouble is in the IP routing. I've tried countless combinations of numbered and unnumbered interfaces, dialer-based ip pool on the 3725, EIGRP and/or floating static routes, etc., etc. Nevertheless, I can't get correct ip routes established, and I feel like I'm banging my head against the wall now. None of the edsign docs I can find on the Web site directly address my scenario in a way I can understand. Any suggestions?

This is my config for our 3640.
interface Group-Async1
ip unnumbered Serial1/0:23
encapsulation ppp
no ip mroute-cache
dialer in-band
dialer idle-timeout 1200
dialer map ip 170.1.1.16 name bri01rt01ec
dialer-group 1
async mode interactive
peer default ip address pool default
ppp authentication pap chap ca
ip route 192.168.16.0 255.255.255.0 172.17.1.6-----our PIX
ip route 192.168.16.0 255.255.255.0 170.1.1.16 200---Ip address of modem that dials in from 1750.
This config looks fine to me..what does everyone think?

DMVPN as Backup link to MPLS

Hi,
i want to implement DMVPN to one of our branch as a fail over link if the MPLS point to point is down.
The MPLS VPN is working fine but due to SP faults we are experiencing frequent link downs.so i want to place a dsl router at branch and configure DMVPN to our existing HUB router.
i am configuring branch router as a spoke to HUB router R3 with rip so when the MPLS which using eigrp goes down , then DMVPN link should be up depending upon AD but, my doubt is if again MPLS link gets up, will it switchover to MPLS from DMVPN.
here is the topology
Here is the configurations for HO,HUB and Branch Routers
******** HO ********
interface Tunnel102
description " Tunnel HO-Br3"
bandwidth 2048
ip address 10.10.0.10 255.255.255.252
tunnel source 172.33.1.18
tunnel destination 172.33.33.18
interface FastEthernet0/0
description "HO-LAN"
ip address 192.168.1.10 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
description " Connection MPLS SP"
ip address 172.33.1.18 255.255.255.252
duplex full
speed 100
router eigrp 200
redistribute ospf 10 metric 512 600 100 100 1500
network 10.10.0.8 0.0.0.3
no auto-summary
router ospf 10
log-adjacency-changes
redistribute eigrp 200 subnets
redistribute bgp 65350 subnets
network 192.168.12.0 0.0.0.255 area 0
router bgp 65350
no synchronization
bgp log-neighbor-changes
bgp redistribute-internal
network 10.10.10.0 mask 255.255.255.0
neighbor 172.31.3.17 remote-as 65400
no auto-summary
******** HUB *********
(Router R3 Config)
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key welc0me address 0.0.0.0 0.0.0.0
crypto ipsec transform-set strong esp-3des
crypto ipsec profile cisco
set security-association lifetime seconds 7200
set transform-set strong
interface Tunnel10
ip address 172.20.20.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication welc0me
ip nhrp map multicast dynamic
ip nhrp network-id 250
ip tcp adjust-mss 1360
no ip split-horizon
delay 100
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile cisco
interface GigabitEthernet0/1
ip address 74.99.128.25 255.255.255.240
ip flow ingress
ip flow egress
duplex auto
speed auto
router rip
version 2
redistribute ospf 10 metric 5
network 172.20.0.0
no auto-summary
ip route 0.0.0.0 0.0.0.0 74.99.128.17
(Fail over DMVPN with RIP )
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key welc0me address 74.99.128.25
crypto ipsec transform-set strong esp-3des
crypto ipsec profile cisco
set security-association lifetime seconds 7200
set transform-set strong
interface Tunnel10
bandwidth 1024
ip address 172.20.20.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication
ip nhrp map multicast 74.99.128.25
ip nhrp map 172.20.20.1 74.99.128.25
ip nhrp network-id 250
ip nhrp holdtime 300
ip nhrp nhs 172.20.20.1
ip nhrp registration no-unique
ip tcp adjust-mss 1360
no ip split-horizon
delay 1000
tunnel source FastEthernet4
tunnel destination 74.99.128.25
tunnel key 100
tunnel protection ipsec profile cisco
interface vlan 1
description " HWIC-DSL Link"
ip addresss dhcp
ip virtual-reassembly in
duplex auto
speed auto
router rip
version 2
network 172.20.0.0
network 192.168.50.0
no auto-summary
ip route 74.99.128.25 255.255.255.255 192.168.1.1
interface Tunnel102
description " Tunnel BR-HO "
bandwidth 2048
ip address 10.10.0.9 255.255.255.252
tunnel source 172.33.33.18
tunnel destination 172.33.1.18
interface FastEthernet0/0
description "BR LAN"
ip address 192.168.50.5 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
bandwidth 2048
ip address 172.33.33.18 255.255.255.252
duplex auto
speed auto
router eigrp 200
network 10.10.0.8 0.0.0.3
network 192.168.50.0
no auto-summary
router bgp 65350
no synchronization
bgp log-neighbor-changes
neighbor 172.33.33.17 remote-as 65400
no auto-summary

Hi,
i am running eigrp over MPLS and i want the dmvpn as failover, so configured rip as it's AD is higher and it will be preferred only when the primary is down, but i want to make sure , it switches over to primary as soon as MPLS comes up.
if not DMVPN then canyou please suggest me anyother way to get over it...

Dial backup for Management of CPE routers

Hi,
I am looking for a Dial-up solution (CPE routers would be connected to an external modem), at present my CPE routers are being managed in-band.
I have a 3825 as my in-band management router.
The query is has anyone implemented such a thing? in addition can I install some 'modem card' on my 3825 and dial out to my CPEs over PSTN network.
Thanks in advance...
Cheers
~sultan

I think You are talking about Large-Dialout feature.
Please see on URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a008008794b.html
Regards,
Dharmesh Purohit

DMVPN Dial Backup

Similar Messages

Maybe you are looking for