Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2334
Views
0
Helpful
8
Replies

Backup Solution for VPN Connection (using ISDN)

jsteffensen
Level 1
Level 1

‎06-06-2001 02:56 AM - edited ‎02-20-2020 09:48 PM

We use a VPN Connection between two sites, A=10.1.x.x and B=10.2.x.x., using 2 Pix'es.

The VPN connection works perfectly, well it works perfectly 80% of the time.....

.

Our different Serviceproviders have some time problems to deliver connection between our sites, and this makes the VPN connection break down some times.

.

And now we are searching for a BACKUP-Solution for the VPN connection.

We have desided to use ISDN.

.

By plasing a Router in front (LAN) of the Pix as the Default Gateway for the LAN, we have been thinking that it could use a Routing protocol to detect when the VPN fails, and use the ISDN as the "backup"-connection to the oter site.

.

It would then look something like this:

.

LANA - R - Pix ------ VPN ---- Pix - R - LANB

.............\_________ISND________/.........

.

Primary connection from A to B is the VPN, but if no Routing updates are recieved from the Router on Network B to the Router on LANA, the Router on LANA should use the ISDN connection as Route to LANB.

.

It cannot be impossible, but does anyone know how?

Or have any Ideas? Brainstorming?

.

Best Regard

Jarle

0 Helpful
8 Replies 8

kstaniek
Level 1
Level 1

‎06-07-2001 12:25 PM

You can try to establish GRE tunnel between routers throught the VPN connection and configure some routing protocol runing on it. When the tunnel will be broken the ISDN backup could be initiated

0 Helpful

m.luethi
Level 1
Level 1

‎11-02-2001 07:47 AM

Jarle, have you found a solution? I'm planning on doing exactly the same VPN backup over ISDN.

Thanks for any input!

Martin

0 Helpful

MBILA
Level 1
Level 1
In response to m.luethi

‎11-20-2001 05:35 AM

Can you run OSPF on the ethernet ports at both ends of the VPN. Assign IP addresses with the neighbors statement. Because broadcasts will not work. Then use floating static routes for the ISDN.

This is what I will be attempting, I think. What do you think?

0 Helpful

MBILA
Level 1
Level 1

‎11-16-2001 09:29 AM

Have you found a solution for this. I am trying to do the same thing?

0 Helpful

cjacinto
Cisco Employee
Cisco Employee

‎12-01-2001 07:53 PM

Be best to run gre on both routers behind the PIX and run some routing protocols over it, say OSPF.

You could then assign a higher metric to the ISDN link, but if route to the GRE tunnel is down (as a consequence of the VPN tunnel being down) then DDR on the ISDN would kick in.

0 Helpful

wbutcher
Level 1
Level 1

‎05-14-2002 07:28 AM

Hi Jarle,

Did you get a response to your question? We are about to undertake a project to test ISDN backup to a VPN and any information or resolutions you have would be very useful.

Cheers

Warren

0 Helpful

jsteffensen
Level 1
Level 1
In response to wbutcher

‎05-15-2002 12:25 AM

Hi Warren

No I am sorry, I have only some few "notifications" regarding this problem and a possible "workaround":

-Define a GRE tunnel between two routers.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inter_c/icdlogin.htm#xtocid292793

Since we can live with the problem, we have not invested more in to solving it..........

(If you are able to solve it, i would be grateful for a feedback.....)

Greetings

Jarle

0 Helpful

yusuff
Cisco Employee
Cisco Employee

‎06-17-2002 02:42 AM

Here is a document i wrote, might help

Configuring IPSec Redundancy over ISDN

http://www.cisco.com/warp/public/707/ipsec_dialerwatch.html

HTH

R/Yusuf

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card