How can I know if the site-to-site VPN tunnel is working

Discussion in 'Cisco' started by bensonlei, Jul 10, 2008.

  1. bensonlei

    bensonlei Guest


    I have a network topology as the following:

    1. Two Cisco 2800 routers,
    2. A private line between these two routers, and they are running
    3. Each Router has ASA Firewall and the firewall connecting to the
    internet through a broadband line
    5. A site-to-site VPN is built up between these two firewalls
    6. How can I know if the site-to-site VPN tunnel is working if no
    traffic goes through it, since it is the backup link for the private
    line? Is tunnel self fire to keep the site-to-site up?

    Thanks so much in advance
    bensonlei, Jul 10, 2008
  2. bensonlei

    PacketU Guest

    You need to send some traffic through it. If everything is in parallel, you
    can simply do some host routes on each end from PCs to test, or change the
    gw on a PC on each end to point to the firewall instead of the router.
    PacketU, Jul 11, 2008
  3. bensonlei

    Uli Link Guest

    ip sla

    and perhaps floating static routes

    are the magic commands.

    Set a static route through the VPN tunnel with a higher metric than the
    EIGRP learned route through the leased line. So if the EIGRP route goes
    down, the traffic will automagically be routed through the VPN tunnel.

    If your tunnel uses tunnel interfaces you can also watch the up/down
    state of the tunnel interfaces and run EIGRP over the VPN link too.
    Uli Link, Jul 11, 2008
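
Added example, not part of the original posts: a sketch of the `ip sla` plus floating static route approach for one of the 2800s. All addresses, the loopback used as probe source/target and the SLA/track numbers are constructed assumptions, and the exact `ip sla`/`track` syntax varies by IOS release. On IOS the "higher metric" is expressed as an administrative distance above EIGRP's (90 internal, 170 external).

```cisco
! Router A (mirror this on Router B with the addresses swapped).
! Constructed addressing, not from the thread:
!   site B LAN            10.2.0.0/24
!   local ASA inside IP   10.1.0.254
!   Router A Loopback0    10.255.0.1  (probe source)
!   Router B Loopback0    10.255.0.2  (probe target)
! Assumption: both ASAs include the two loopback /32s in the crypto ACL,
! and the loopbacks are NOT advertised into EIGRP over the leased line.

! Pin the probe target to the VPN path so the probe never rides the
! private line. Router B needs the matching host route for 10.255.0.1.
ip route 10.255.0.2 255.255.255.255 10.1.0.254

! Probe across the tunnel every 30 seconds. This is also the
! "interesting traffic" that keeps the IPsec SAs built while the
! backup path is otherwise idle.
ip sla 10
 icmp-echo 10.255.0.2 source-interface Loopback0
 frequency 30
ip sla schedule 10 life forever start-time now

! Expose the probe result as a tracked object.
track 10 ip sla 10 reachability

! Floating static route: distance 250 loses to the EIGRP route while
! the leased line is up, and is only installable while the tunnel
! probe succeeds, so traffic is not sent into a dead tunnel.
ip route 10.2.0.0 255.255.255.0 10.1.0.254 250 track 10
```

`show ip sla statistics 10` and `show track 10` then report whether the idle tunnel is passing traffic, and a track state change can be logged or alerted on before the backup path is actually needed.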