marceloNYC
asked on
Learning how to change routing traffic between offices through AT&T MPLS network instead of site to site VPN
Dear experts:
We have AT&T mpls network between our two offices. I see that from one office we are not getting to the other using the mpls network instead is getting to us from another office that has a VPN tunnel.
A tracert display of what I am trying to communicate:
From my office here in OKC to Houston:
C:\Users\me>tracert 172.16.100.1 <-Houston HSRP router LAN Address
Tracing route to 172.16.100.1 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 172.16.8.3 <- My Voice gateway router
2 <1 ms <1 ms <1 ms 10.255.254.6 <- AT&T router link
3 1 ms 1 ms 1 ms 12.113.178.153
4 16 ms 15 ms 14 ms cr2.kc9mo.ip.att.net [12.123.130.234]
5 19 ms 15 ms 15 ms cr1.dlstx.ip.att.net [12.122.155.5]
6 17 ms 14 ms 14 ms cr2.hs1tx.ip.att.net [12.122.28.158]
7 13 ms 13 ms 13 ms 12.113.178.145
8 19 ms 13 ms 13 ms 12.113.178.146
9 40 ms 39 ms 38 ms 10.255.254.1 <- Houston Voice gateway router link with AT&T
10 39 ms 38 ms 45 ms 10.255.254.1 <- Houston Voice gateway router link with AT&T
11 49 ms 45 ms 39 ms 172.16.100.1 <-Houston HSRP router address
Trace complete.
Tracert from Houston to OKC my office:
C:\Users\houston>tracert 172.16.8.1<- OKC HSRP router address
Tracing route to 172.16.8.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 172.16.100.2 <- Houston VPN router address
2 39 ms 42 ms 41 ms 10.255.255.10 <- Tulsa VPN router office router link address
3 410 ms 438 ms 416 ms 172.16.8.1 <-OKC RSRP router
Trace complete.
hous-rtvpn-01#sh ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.102.5 to network 0.0.0.0
98.0.0.0/32 is subnetted, 1 subnets
S 98.xx.xx.77 [1/0] via 173.xx.xx.22
C 192.168.10.0/24 is directly connected, FastEthernet1.700
172.16.0.0/16 is variably subnetted, 13 subnets, 4 masks
D EX 172.16.253.0/24 [170/2059264] via 10.255.255.1, 2d07h, Tunnel10
D 172.16.16.0/23 [90/2036224] via 10.255.255.10, 2d07h, Tunnel50
D 172.16.19.0/24 [90/2036224] via 10.255.255.18, 2d07h, Tunnel60
D 172.16.12.0/24 [90/2292224] via 10.255.255.10, 2d07h, Tunnel50
D 172.16.8.0/22 [90/2292224] via 10.255.255.10, 2d07h, Tunnel50
D 172.16.8.0/21 [90/2036224] via 10.255.255.1, 3d07h, Tunnel10
D EX 172.16.0.0/24 [170/2059264] via 10.255.255.1, 2d07h, Tunnel10
C 172.16.104.0/24 is directly connected, FastEthernet1.900
D 172.16.104.0/22 is a summary, 2d07h, Null0
C 172.16.100.0/24 is directly connected, FastEthernet1.10
D 172.16.100.0/22 is a summary, 2d07h, Null0
C 172.16.102.0/24 is directly connected, FastEthernet1.222
S 172.16.103.0/24 [1/0] via 172.16.102.5
172.31.0.0/24 is subnetted, 1 subnets
D EX 172.31.254.0 [170/2059264] via 10.255.255.1, 2d07h, Tunnel10
173.11.0.0/29 is subnetted, 1 subnets
C 173.11.153.16 is directly connected, FastEthernet0
216.xx.xx.0/32 is subnetted, 1 subnets
S 216.201.183.67 [1/0] via 173.11.153.22
10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks
C 10.255.255.8/30 is directly connected, Tunnel50
D 10.255.255.12/30 [90/2289664] via 10.255.255.10, 2d07h, Tunnel50
[90/2289664] via 10.255.255.1, 2d07h, Tunnel10
C 10.255.255.0/30 is directly connected, Tunnel10
D EX 10.10.10.0/24 [170/2059264] via 10.255.255.1, 2d07h, Tunnel10
S 10.0.0.0/8 is directly connected, Null0
D EX 10.255.254.0/30
[170/1671680] via 172.16.102.3, 2d07h, FastEthernet1.222
D EX 10.255.254.4/30
[170/1671680] via 172.16.102.3, 2d07h, FastEthernet1.222
C 10.255.255.16/30 is directly connected, Tunnel60
D 10.255.0.24/32 [90/2161664] via 10.255.255.10, 2d07h, Tunnel50
C 10.255.0.1/32 is directly connected, Loopback22
D 10.255.0.2/32 [90/156160] via 172.16.102.3, 2d07h, FastEthernet1.222
D 10.255.0.12/32 [90/2164224] via 10.255.255.1, 2d07h, Tunnel10
D 10.255.0.14/32 [90/2161664] via 10.255.255.18, 2d07h, Tunnel60
D 10.255.0.11/32 [90/2161664] via 10.255.255.1, 2d07h, Tunnel10
74.0.0.0/32 is subnetted, 1 subnets
S 74.xx.xx.114 [1/0] via 173.xx.xx.22
S* 0.0.0.0/0 [1/0] via 172.16.102.5
S 172.16.0.0/12 is directly connected, Null0
S 192.168.0.0/16 is directly connected, Null0
As you can see we have VPN tunnels to other smaller offices. The two main office have an MPLS network in between. Houston is not taking the route of the AT&T MPLS network to OKC.
For your help and time on this I thank you! M
We have AT&T mpls network between our two offices. I see that from one office we are not getting to the other using the mpls network instead is getting to us from another office that has a VPN tunnel.
A tracert display of what I am trying to communicate:
From my office here in OKC to Houston:
C:\Users\me>tracert 172.16.100.1 <-Houston HSRP router LAN Address
Tracing route to 172.16.100.1 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 172.16.8.3 <- My Voice gateway router
2 <1 ms <1 ms <1 ms 10.255.254.6 <- AT&T router link
3 1 ms 1 ms 1 ms 12.113.178.153
4 16 ms 15 ms 14 ms cr2.kc9mo.ip.att.net [12.123.130.234]
5 19 ms 15 ms 15 ms cr1.dlstx.ip.att.net [12.122.155.5]
6 17 ms 14 ms 14 ms cr2.hs1tx.ip.att.net [12.122.28.158]
7 13 ms 13 ms 13 ms 12.113.178.145
8 19 ms 13 ms 13 ms 12.113.178.146
9 40 ms 39 ms 38 ms 10.255.254.1 <- Houston Voice gateway router link with AT&T
10 39 ms 38 ms 45 ms 10.255.254.1 <- Houston Voice gateway router link with AT&T
11 49 ms 45 ms 39 ms 172.16.100.1 <-Houston HSRP router address
Trace complete.
Tracert from Houston to OKC my office:
C:\Users\houston>tracert 172.16.8.1<- OKC HSRP router address
Tracing route to 172.16.8.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 172.16.100.2 <- Houston VPN router address
2 39 ms 42 ms 41 ms 10.255.255.10 <- Tulsa VPN router office router link address
3 410 ms 438 ms 416 ms 172.16.8.1 <-OKC RSRP router
Trace complete.
hous-rtvpn-01#sh ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.102.5 to network 0.0.0.0
98.0.0.0/32 is subnetted, 1 subnets
S 98.xx.xx.77 [1/0] via 173.xx.xx.22
C 192.168.10.0/24 is directly connected, FastEthernet1.700
172.16.0.0/16 is variably subnetted, 13 subnets, 4 masks
D EX 172.16.253.0/24 [170/2059264] via 10.255.255.1, 2d07h, Tunnel10
D 172.16.16.0/23 [90/2036224] via 10.255.255.10, 2d07h, Tunnel50
D 172.16.19.0/24 [90/2036224] via 10.255.255.18, 2d07h, Tunnel60
D 172.16.12.0/24 [90/2292224] via 10.255.255.10, 2d07h, Tunnel50
D 172.16.8.0/22 [90/2292224] via 10.255.255.10, 2d07h, Tunnel50
D 172.16.8.0/21 [90/2036224] via 10.255.255.1, 3d07h, Tunnel10
D EX 172.16.0.0/24 [170/2059264] via 10.255.255.1, 2d07h, Tunnel10
C 172.16.104.0/24 is directly connected, FastEthernet1.900
D 172.16.104.0/22 is a summary, 2d07h, Null0
C 172.16.100.0/24 is directly connected, FastEthernet1.10
D 172.16.100.0/22 is a summary, 2d07h, Null0
C 172.16.102.0/24 is directly connected, FastEthernet1.222
S 172.16.103.0/24 [1/0] via 172.16.102.5
172.31.0.0/24 is subnetted, 1 subnets
D EX 172.31.254.0 [170/2059264] via 10.255.255.1, 2d07h, Tunnel10
173.11.0.0/29 is subnetted, 1 subnets
C 173.11.153.16 is directly connected, FastEthernet0
216.xx.xx.0/32 is subnetted, 1 subnets
S 216.201.183.67 [1/0] via 173.11.153.22
10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks
C 10.255.255.8/30 is directly connected, Tunnel50
D 10.255.255.12/30 [90/2289664] via 10.255.255.10, 2d07h, Tunnel50
[90/2289664] via 10.255.255.1, 2d07h, Tunnel10
C 10.255.255.0/30 is directly connected, Tunnel10
D EX 10.10.10.0/24 [170/2059264] via 10.255.255.1, 2d07h, Tunnel10
S 10.0.0.0/8 is directly connected, Null0
D EX 10.255.254.0/30
[170/1671680] via 172.16.102.3, 2d07h, FastEthernet1.222
D EX 10.255.254.4/30
[170/1671680] via 172.16.102.3, 2d07h, FastEthernet1.222
C 10.255.255.16/30 is directly connected, Tunnel60
D 10.255.0.24/32 [90/2161664] via 10.255.255.10, 2d07h, Tunnel50
C 10.255.0.1/32 is directly connected, Loopback22
D 10.255.0.2/32 [90/156160] via 172.16.102.3, 2d07h, FastEthernet1.222
D 10.255.0.12/32 [90/2164224] via 10.255.255.1, 2d07h, Tunnel10
D 10.255.0.14/32 [90/2161664] via 10.255.255.18, 2d07h, Tunnel60
D 10.255.0.11/32 [90/2161664] via 10.255.255.1, 2d07h, Tunnel10
74.0.0.0/32 is subnetted, 1 subnets
S 74.xx.xx.114 [1/0] via 173.xx.xx.22
S* 0.0.0.0/0 [1/0] via 172.16.102.5
S 172.16.0.0/12 is directly connected, Null0
S 192.168.0.0/16 is directly connected, Null0
As you can see we have VPN tunnels to other smaller offices. The two main office have an MPLS network in between. Houston is not taking the route of the AT&T MPLS network to OKC.
For your help and time on this I thank you! M
ASKER
i think you are right. This is an EIGRP configuration job check this out:
show ip eigrp topology all-links
IP-EIGRP Topology Table for AS(42)/ID(10.255.0.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.255.255.8/30, 1 successors, FD is 2033664, serno 5190
via Connected, Tunnel50
P 10.255.255.12/30, 2 successors, FD is 2289664, serno 5194
via 10.255.255.1 (2289664/2033664), Tunnel10
via 10.255.255.10 (2289664/2033664), Tunnel50
P 10.10.10.0/24, 1 successors, FD is 2059264, serno 5157
via 10.255.255.1 (2059264/51200), Tunnel10
via 10.255.255.10 (2315264/2059264), Tunnel50
P 10.255.255.0/30, 1 successors, FD is 2033664, serno 5123
via Connected, Tunnel10
P 10.255.254.0/30, 1 successors, FD is 1671680, serno 5023
via 172.16.102.3 (1671680/1669120), FastEthernet1.222
via 10.255.255.1 (2038784/1671680), Tunnel10
P 10.255.254.4/30, 1 successors, FD is 1671680, tag is 65500, serno 5031
via 172.16.102.3 (1671680/1669120), FastEthernet1.222
via 10.255.255.1 (2038784/1671680), Tunnel10
P 10.255.255.16/30, 1 successors, FD is 2033664, serno 5057
via Connected, Tunnel60
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.253.0/24, 1 successors, FD is 2059264, serno 5159
via 10.255.255.1 (2059264/51200), Tunnel10
via 10.255.255.10 (2315264/2059264), Tunnel50
P 172.31.254.0/24, 1 successors, FD is 2059264, serno 5160
via 10.255.255.1 (2059264/51200), Tunnel10
via 10.255.255.10 (2315264/2059264), Tunnel50
P 192.168.10.0/24, 1 successors, FD is 28160, serno 4
via Connected, FastEthernet1.700
P 192.168.0.0/16, 1 successors, FD is 51200, serno 8
via Rstatic (51200/0)
P 172.16.16.0/23, 1 successors, FD is 2036224, serno 5192
via 10.255.255.10 (2036224/28160), Tunnel50
via 10.255.255.1 (2292224/2036224), Tunnel10
P 172.16.19.0/24, 1 successors, FD is 2036224, serno 5081
via 10.255.255.18 (2036224/28160), Tunnel60
P 172.16.12.0/24, 1 successors, FD is 2292224, serno 5195
via 10.255.255.10 (2292224/2036224), Tunnel50
P 172.16.8.0/22, 1 successors, FD is 2292224, serno 5197
via 10.255.255.10 (2292224/2036224), Tunnel50
P 172.16.8.0/21, 1 successors, FD is 1671680, serno 5161
via 10.255.255.1 (2036224/28160), Tunnel10
via 172.16.102.3 (1671680/1669120), FastEthernet1.222
P 172.16.0.0/24, 1 successors, FD is 2059264, serno 5158
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
via 10.255.255.1 (2059264/51200), Tunnel10
via 10.255.255.10 (2315264/2059264), Tunnel50
P 172.16.0.0/12, 0 successors, FD is Inaccessible, serno 0
via 10.255.255.10 (2315264/2059264), Tunnel50
via 10.255.255.1 (2059264/51200), Tunnel10
P 172.16.104.0/22, 1 successors, FD is 28160, serno 5124
via Summary (28160/0), Null0
via 10.255.255.10 (2548224/2292224), Tunnel50
P 172.16.104.0/24, 1 successors, FD is 28160, serno 5
via Connected, FastEthernet1.900
via 10.255.255.1 (2548224/2292224), Tunnel10
via 172.16.102.3 (30720/28160), FastEthernet1.222
P 172.16.100.0/22, 1 successors, FD is 28160, serno 5055
via Summary (28160/0), Null0
P 172.16.100.0/24, 1 successors, FD is 28160, serno 2
via Connected, FastEthernet1.10
via 10.255.255.10 (2294784/2038784), Tunnel50
via 10.255.255.1 (2038784/1671680), Tunnel10
via 172.16.102.3 (30720/28160), FastEthernet1.222
P 172.16.102.0/24, 1 successors, FD is 28160, serno 3
via Connected, FastEthernet1.222
P 10.255.0.24/32, 1 successors, FD is 2161664, serno 5191
via 10.255.255.10 (2161664/128256), Tunnel50
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
via 10.255.255.1 (2417664/2161664), Tunnel10
P 10.255.0.1/32, 1 successors, FD is 128256, serno 1, anchored
via Connected, Loopback22
P 10.255.0.2/32, 1 successors, FD is 156160, serno 10
via 172.16.102.3 (156160/128256), FastEthernet1.222
P 10.255.0.12/32, 1 successors, FD is 2164224, serno 5163
via 10.255.255.1 (2164224/156160), Tunnel10
via 10.255.255.10 (2420224/2164224), Tunnel50
via 172.16.102.3 (1671680/1669120), FastEthernet1.222
P 10.255.0.14/32, 1 successors, FD is 2161664, serno 5080
via 10.255.255.18 (2161664/128256), Tunnel60
P 10.255.0.11/32, 1 successors, FD is 2161664, serno 5156
via 10.255.255.1 (2161664/128256), Tunnel10
via 10.255.255.10 (2417664/2161664), Tunnel50
hous-rtvpn-01#
This might be the ticket to solve this issue:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c2d96.shtml
show ip eigrp topology all-links
IP-EIGRP Topology Table for AS(42)/ID(10.255.0.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.255.255.8/30, 1 successors, FD is 2033664, serno 5190
via Connected, Tunnel50
P 10.255.255.12/30, 2 successors, FD is 2289664, serno 5194
via 10.255.255.1 (2289664/2033664), Tunnel10
via 10.255.255.10 (2289664/2033664), Tunnel50
P 10.10.10.0/24, 1 successors, FD is 2059264, serno 5157
via 10.255.255.1 (2059264/51200), Tunnel10
via 10.255.255.10 (2315264/2059264), Tunnel50
P 10.255.255.0/30, 1 successors, FD is 2033664, serno 5123
via Connected, Tunnel10
P 10.255.254.0/30, 1 successors, FD is 1671680, serno 5023
via 172.16.102.3 (1671680/1669120), FastEthernet1.222
via 10.255.255.1 (2038784/1671680), Tunnel10
P 10.255.254.4/30, 1 successors, FD is 1671680, tag is 65500, serno 5031
via 172.16.102.3 (1671680/1669120), FastEthernet1.222
via 10.255.255.1 (2038784/1671680), Tunnel10
P 10.255.255.16/30, 1 successors, FD is 2033664, serno 5057
via Connected, Tunnel60
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.253.0/24, 1 successors, FD is 2059264, serno 5159
via 10.255.255.1 (2059264/51200), Tunnel10
via 10.255.255.10 (2315264/2059264), Tunnel50
P 172.31.254.0/24, 1 successors, FD is 2059264, serno 5160
via 10.255.255.1 (2059264/51200), Tunnel10
via 10.255.255.10 (2315264/2059264), Tunnel50
P 192.168.10.0/24, 1 successors, FD is 28160, serno 4
via Connected, FastEthernet1.700
P 192.168.0.0/16, 1 successors, FD is 51200, serno 8
via Rstatic (51200/0)
P 172.16.16.0/23, 1 successors, FD is 2036224, serno 5192
via 10.255.255.10 (2036224/28160), Tunnel50
via 10.255.255.1 (2292224/2036224), Tunnel10
P 172.16.19.0/24, 1 successors, FD is 2036224, serno 5081
via 10.255.255.18 (2036224/28160), Tunnel60
P 172.16.12.0/24, 1 successors, FD is 2292224, serno 5195
via 10.255.255.10 (2292224/2036224), Tunnel50
P 172.16.8.0/22, 1 successors, FD is 2292224, serno 5197
via 10.255.255.10 (2292224/2036224), Tunnel50
P 172.16.8.0/21, 1 successors, FD is 1671680, serno 5161
via 10.255.255.1 (2036224/28160), Tunnel10
via 172.16.102.3 (1671680/1669120), FastEthernet1.222
P 172.16.0.0/24, 1 successors, FD is 2059264, serno 5158
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
via 10.255.255.1 (2059264/51200), Tunnel10
via 10.255.255.10 (2315264/2059264), Tunnel50
P 172.16.0.0/12, 0 successors, FD is Inaccessible, serno 0
via 10.255.255.10 (2315264/2059264), Tunnel50
via 10.255.255.1 (2059264/51200), Tunnel10
P 172.16.104.0/22, 1 successors, FD is 28160, serno 5124
via Summary (28160/0), Null0
via 10.255.255.10 (2548224/2292224), Tunnel50
P 172.16.104.0/24, 1 successors, FD is 28160, serno 5
via Connected, FastEthernet1.900
via 10.255.255.1 (2548224/2292224), Tunnel10
via 172.16.102.3 (30720/28160), FastEthernet1.222
P 172.16.100.0/22, 1 successors, FD is 28160, serno 5055
via Summary (28160/0), Null0
P 172.16.100.0/24, 1 successors, FD is 28160, serno 2
via Connected, FastEthernet1.10
via 10.255.255.10 (2294784/2038784), Tunnel50
via 10.255.255.1 (2038784/1671680), Tunnel10
via 172.16.102.3 (30720/28160), FastEthernet1.222
P 172.16.102.0/24, 1 successors, FD is 28160, serno 3
via Connected, FastEthernet1.222
P 10.255.0.24/32, 1 successors, FD is 2161664, serno 5191
via 10.255.255.10 (2161664/128256), Tunnel50
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
via 10.255.255.1 (2417664/2161664), Tunnel10
P 10.255.0.1/32, 1 successors, FD is 128256, serno 1, anchored
via Connected, Loopback22
P 10.255.0.2/32, 1 successors, FD is 156160, serno 10
via 172.16.102.3 (156160/128256), FastEthernet1.222
P 10.255.0.12/32, 1 successors, FD is 2164224, serno 5163
via 10.255.255.1 (2164224/156160), Tunnel10
via 10.255.255.10 (2420224/2164224), Tunnel50
via 172.16.102.3 (1671680/1669120), FastEthernet1.222
P 10.255.0.14/32, 1 successors, FD is 2161664, serno 5080
via 10.255.255.18 (2161664/128256), Tunnel60
P 10.255.0.11/32, 1 successors, FD is 2161664, serno 5156
via 10.255.255.1 (2161664/128256), Tunnel10
via 10.255.255.10 (2417664/2161664), Tunnel50
hous-rtvpn-01#
This might be the ticket to solve this issue:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c2d96.shtml
Yes, that link would be the correct resource for this. But from what you're describing, it sounds like the best choice would be to use their first solution, of changing the interface delay, rather than changing the administrative distance (which was what I had in mind.) The way that we used to do it was to change the administrative distance on both sides, to avoid the problems they describe. But if you don't need to do that using the first solution, that would be better.
ASKER
Here is what I have for that interface tunnel from Houston to here:
interface Tunnel10
description *** VPN to okc-vpn ***
bandwidth 1440
ip address 10.255.255.2 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
ip summary-address eigrp 42 xx.xx.104.0 255.255.252.0 5
ip summary-address eigrp 42 xx.xx.100.0 255.255.252.0 5
load-interval 30
delay 1000
qos pre-classify
keepalive 10 3
tunnel source FastEthernet0
tunnel destination 98.xx.xx.77
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN shared
What should the Delay change be for this interface?
interface Tunnel10
description *** VPN to okc-vpn ***
bandwidth 1440
ip address 10.255.255.2 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
ip summary-address eigrp 42 xx.xx.104.0 255.255.252.0 5
ip summary-address eigrp 42 xx.xx.100.0 255.255.252.0 5
load-interval 30
delay 1000
qos pre-classify
keepalive 10 3
tunnel source FastEthernet0
tunnel destination 98.xx.xx.77
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN shared
What should the Delay change be for this interface?
That's a tougher question. It has to be long enough to give you a total of more than that of the MPLS connection. What's the delay on that one?
ASKER
I change the delay in the tunnel to OKC interface to 120 as it said in the article just to test it out and didn't get the result I wanted.
The Delay in the MPLS connection I am not sure what it is. I don't have access to the AT&T router. Let me investigate a little more.
The Delay in the MPLS connection I am not sure what it is. I don't have access to the AT&T router. Let me investigate a little more.
Is the AT&T router participating in the EIGRP schema? I didn't know they do that.
ASKER
Nope! They are not in the EIGRP schema.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So, I unplugged the Data cox modem we have for those tunnels and the tracert here from Houston is the way I wanted to be. Plus the other office here in Oklahoma are reached.
C:\Users\Houston>tracert 172.16.8.222 <-to us here OKC
Tracing route to server [172.16.8.222]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.16.100.2
2 1 ms 1 ms 1 ms 172.16.102.3
3 <1 ms <1 ms <1 ms 10.255.254.2
4 1 ms <1 ms <1 ms 12.113.178.145
5 13 ms 15 ms 15 ms cr2.hs1tx.ip.att.net [12.122.103.234]
6 15 ms 15 ms 15 ms cr1.dlstx.ip.att.net [12.122.28.157]
7 14 ms 15 ms 15 ms cr81.ocyok.ip.att.net [12.122.155.6]
8 12 ms 12 ms 12 ms 12.113.178.153
9 13 ms 13 ms 13 ms 12.113.178.154
10 13 ms 13 ms 13 ms 10.255.254.5
11 13 ms 13 ms 13 ms server here [172.16.8.222]
Trace complete.
C:\Users\Houston>tracert 172.16.17.1 <Tulsa Office router
Tracing route to 172.16.17.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 172.16.100.2
2 34 ms 32 ms 33 ms 172.16.17.1<-- looks good!
Trace complete.
C:\Users\Houston>tracert 172.16.8.222 <-to us here OKC
Tracing route to server [172.16.8.222]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.16.100.2
2 1 ms 1 ms 1 ms 172.16.102.3
3 <1 ms <1 ms <1 ms 10.255.254.2
4 1 ms <1 ms <1 ms 12.113.178.145
5 13 ms 15 ms 15 ms cr2.hs1tx.ip.att.net [12.122.103.234]
6 15 ms 15 ms 15 ms cr1.dlstx.ip.att.net [12.122.28.157]
7 14 ms 15 ms 15 ms cr81.ocyok.ip.att.net [12.122.155.6]
8 12 ms 12 ms 12 ms 12.113.178.153
9 13 ms 13 ms 13 ms 12.113.178.154
10 13 ms 13 ms 13 ms 10.255.254.5
11 13 ms 13 ms 13 ms server here [172.16.8.222]
Trace complete.
C:\Users\Houston>tracert 172.16.17.1 <Tulsa Office router
Tracing route to 172.16.17.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 172.16.100.2
2 34 ms 32 ms 33 ms 172.16.17.1<-- looks good!
Trace complete.
ASKER
Thank you!
I think you're going to need to add an administrative weight to the internal EIGRP route, to make it overcome the natural tendency to prefer an internal route to an external. I haven't worked with Cisco routers in so long, I can't really remember exactly where it's done, but that's what you should do.