Cisco ISR

The following GRE configuration example is for Cisco ISR version 12.4 or higher.

Use the following commands to configure tunnels to the primary and secondary point of presence.

interface Tunnel0
ip address <primary_local_inner_ip> 255.255.255.252
ip tcp adjust-mss 1436
tunnel source <device_egress_ip>
tunnel destination <primary_dc_public_ip>
interface Tunnel1
ip address <secondary_local_inner_ip> 255.255.255.252
ip tcp adjust-mss 1436
tunnel source <device_egress_ip>
tunnel destination <secondary_dc_public_ip>

Create a policy-based routing rule to route port 80 and 443 traffic through the tunnel.

Access-list commands:

access-list 104 permit tcp <client_subnet> 0.0.0.255 any eq www 
access-list 104 permit tcp <client_subnet> 0.0.0.255 any eq 443

Route-map commands:

route-map Primary_Tunnel permit 11 
match ip address 104
set interface Tunnel0
route-map Failover_Tunnel permit 12
match ip address 104
set interface Tunnel1

Attach the primary tunnel's route-map to the incoming interface:

interface <incoming_interface_name>
ip address <client_subnet> 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map Primary_Tunnel
duplex auto
speed auto

Create an IP SLA configuration for automatic tunnel failover:

ip sla 4
icmp-echo <primary_dc_public_ip> source-interface <egress_interface_name>
threshold 3000
timeout 30000
frequency 30
ip sla schedule 4 life forever start-time now
track 4 ip sla 4
delay down 10 up 10
event manager session cli username <username>
event manager applet failover_if_primary_tunnel_goes_down
event track 4 state down
action 001 cli command "conf t"
action 002 cli command "interface <incoming_interface>"
action 003 cli command "ip policy route-map Failover_Tunnel"
event manager applet route_back_to_primary_when_available
event track 4 state up
action 001 cli command "conf t"
action 002 cli command "interface <incoming_interface>"
action 003 cli command "ip policy route-map Primary_Tunnel"
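
The failover above depends on several names and numbers agreeing across sections: access-list 104, the two route-map names, the tunnel interfaces, and SLA/track 4. The following Python check is an added example, not part of the vendor configuration. It reports any object that is referenced but never defined. The sample values, `find` and `dangling_references` are constructed for illustration, and the patterns cover only the command forms used on this page.

```python
import re
# Constructed sample: the page's commands with placeholder values filled in
# (documentation-range addresses, hypothetical interface names).
SAMPLE = """\
interface Tunnel0
interface Tunnel1
access-list 104 permit tcp 192.168.1.0 0.0.0.255 any eq www
route-map Primary_Tunnel permit 11
match ip address 104
set interface Tunnel0
route-map Failover_Tunnel permit 12
match ip address 104
set interface Tunnel1
interface GigabitEthernet0/1
ip policy route-map Primary_Tunnel
ip sla 4
ip sla schedule 4 life forever start-time now
track 4 ip sla 4
event manager applet failover_if_primary_tunnel_goes_down
event track 4 state down
action 003 cli command "ip policy route-map Failover_Tunnel"
"""

def find(pattern, cfg):
    return set(re.findall(pattern, cfg, re.M))

def dangling_references(cfg):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    defined = {
        "interface": find(r"^ *interface (\S+)", cfg),
        "access-list": find(r"^ *access-list (\d+) ", cfg),
        "route-map": find(r"^ *route-map (\S+) (?:permit|deny)", cfg),
        "ip sla": find(r"^ *ip sla (\d+) *$", cfg),
        "track": find(r"^ *track (\d+) ", cfg),
    }
    used = {
        "interface": find(r"^ *set interface (\S+)", cfg),
        "access-list": find(r"^ *match ip address (\d+)", cfg),
        # Also matches the route-map named inside an EEM "cli command" string.
        "route-map": find(r'ip policy route-map ([^\s"]+)', cfg),
        "ip sla": find(r"^ *(?:track \d+ ip sla|ip sla schedule) (\d+)", cfg),
        "track": find(r"^ *event track (\d+) ", cfg),
    }
    return sorted((k, n) for k in used for n in used[k] - defined[k])

if __name__ == "__main__":
    print(dangling_references(SAMPLE) or "no dangling references")
```

Run it against the configuration text before pasting it into the device; an empty result means every reference resolves.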