Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Example device configuration > Cisco ISR
Cisco ISR
The following GRE configuration example is for Cisco ISR version 12.4 or higher.
Use the following commands to configure tunnels to the primary and secondary point of presence.
interface Tunnel0
ip address <primary_local_inner_ip> 255.255.255.252
ip tcp adjust-mss 1436
tunnel source <device_egress_ip>
tunnel destination <primary_dc_public_ip>
 
interface Tunnel1
ip address <secondary_local_inner_ip> 255.255.255.252
ip tcp adjust-mss 1436
tunnel source <device_egress_ip>
tunnel destination <secondary_dc_public_ip>
Create a policy-based routing rule to route port 80 and 443 traffic through the tunnel. Access-list commands:
access-list 104 permit tcp <client_subnet> 0.0.0.255 any eq www
access-list 104 permit tcp <client_subnet> 0.0.0.255 any eq 443
Route-map commands:
route-map Primary_Tunnel permit 11
match ip address 104
set interface Tunnel0
 
route-map Failover_Tunnel permit 12
match ip address 104
set interface Tunnel1
Attach the primary tunnel's route-map to the incoming interface:
interface <incoming_interface_name>
ip address <client_subnet> 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip policy route-map Primary_Tunnel
duplex auto
speed auto
Create an IP SLA configuration for automatic tunnel failover:
ip sla 4
icmp-echo <primary_dc_public_ip> source-interface <egress_interface_name>
threshold 3000
timeout 30000
frequency 30
ip sla schedule 4 life forever start-time now
 
track 4 ip sla 4
delay down 10 up 10
 
event manager session cli username <username>
 
event manager applet failover_if_primary_tunnel_goes_down
event track 4 state down
action 001 cli command "conf t"
action 002 cli command "interface <incoming_interface>"
action 003 cli command "ip policy route-map Failover_Tunnel"
 
event manager applet route_back_to_primary_when_available
event track 4 state up
action 001 cli command "conf t"
action 002 cli command "interface <incoming_interface>"
action 003 cli command "ip policy route-map Primary_Tunnel"
Useful show commands
Command
Description
show interfaces tunnel 0
Displays connection statistics for the tunnel to the primary point of presence
show interfaces tunnel 1
Displays connection statistics for the tunnel to the secondary point of presence
show track brief
Displays brief IP SLA connection statistics
show track 4
Displays detailed IP SLA connection statistics
show ip sla statistics
Displays IP SLA operation statistics

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Example device configuration > Cisco ISR
Copyright 2022 Forcepoint. All rights reserved.