How can I know if the site-to-site VPN tunnel is working

Discussion in 'Cisco' started by bensonlei@yahoo.com.hk, Jul 10, 2008.

  1. Guest

    Hi,

    I have a network topology as the following:

    1. Two Cisco 2800 routers,
    2. A private line between these two routers, and they are running
    EIGRP
    3. Each Router has ASA Firewall and the firewall connecting to the
    internet through
    a broadband line
    5. A site-to-site VPN is built up between these two firewalls
    6. How can I know if the site-to-site VPN tunnel is working if no
    traffic goes through it, since it is the backup link for the private
    line ? Is tunnel self fire to keep the site-to-site up ?


    Thanks so much in advance
     
    , Jul 10, 2008
    #1
    1. Advertising

  2. PacketU Guest

    <> wrote in message
    news:...
    > Hi,
    >
    > I have a network topology as the following:
    >
    > 1. Two Cisco 2800 routers,
    > 2. A private line between these two routers, and they are running
    > EIGRP
    > 3. Each Router has ASA Firewall and the firewall connecting to the
    > internet through
    > a broadband line
    > 5. A site-to-site VPN is built up between these two firewalls
    > 6. How can I know if the site-to-site VPN tunnel is working if no
    > traffic goes through it, since it is the backup link for the private
    > line ? Is tunnel self fire to keep the site-to-site up ?
    >
    >
    > Thanks so much in advance


    You need to send some traffic through it. If averything is in parallel, you
    can simply do some host routes on each end from pc's to test, or change the
    gw on a pc on each end to point to the firewall instead of the router.
     
    PacketU, Jul 11, 2008
    #2
    1. Advertising

  3. Uli Link Guest

    schrieb:
    > Hi,
    >
    > I have a network topology as the following:
    >
    > 1. Two Cisco 2800 routers,
    > 2. A private line between these two routers, and they are running
    > EIGRP
    > 3. Each Router has ASA Firewall and the firewall connecting to the
    > internet through
    > a broadband line
    > 5. A site-to-site VPN is built up between these two firewalls
    > 6. How can I know if the site-to-site VPN tunnel is working if no
    > traffic goes through it, since it is the backup link for the private
    > line ? Is tunnel self fire to keep the site-to-site up ?
    >


    ip sla
    track

    and perhaps floating static routes

    are the magic commands.

    Set a static route through the VPN tunnel with a higher metric than the
    EIGRP learned route through the leased line. So if the EIGRP route goes
    down, the traffic will automagically routed through the VPN tunnel.

    If your tunnel use tunnel interfaces you can also watch the up/down
    state of the tunnel interfaces and run EIGRP over the VPN link too.

    --
    Uli
     
    Uli Link, Jul 11, 2008
    #3
  4. vicky Guest

    vicky, Jul 16, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. a.nonny mouse
    Replies:
    2
    Views:
    1,168
  2. Benson
    Replies:
    8
    Views:
    7,570
    bvlmv
    Jul 14, 2005
  3. David Mitchell
    Replies:
    0
    Views:
    910
    David Mitchell
    Jun 21, 2006
  4. Trouble
    Replies:
    0
    Views:
    750
    Trouble
    Aug 4, 2006
  5. Trouble
    Replies:
    1
    Views:
    581
Loading...

Share This Page