shaunyoung78
Contributor
Contributor

TIER-1 STATIC ROUTE VPN

Hi All,

I've just had VMware TAC tell me that I can't configure a vpn on a vrf tier-0 device which is a major hole in our design. Support told me to just move the vpn down to the tier-1 devices attached to the vrf tier-0 but we need route redundancy for failover and we planned on using BGP. I was wondering if the static route option for scope had anything to do with removing a route if the IPsec tunnel goes down?

Example:

static route primary 192.168.0.0/24 admin distance 1 next-hop 172.160.0.1/30 scope primary vpn

state route secondary 192.168.0.0/24 admin distance 2 next-hop 176.16.0.5/30 scope secondary vpn

 

If the primary tunnel went down would the scope options remove the primary route as valid and dynamically let me use the secondary?

 

Regards Shaun

0 Kudos
0 Replies