07-16-2011 02:18 AM - edited 03-11-2019 01:59 PM
Dear Experts!!!!!!!!
I am going to design one network. I have queries about this design.
Let me explain the scenario first (it is attached below).
I have two sites, Site-A and Site-B, respectively.
In Site-A I have one Cisco 1841 router, one Cisco ASA 5510 firewall and one Cisco 3560 layer 3 switch.
In Site-B I have one Cisco 1841 router, one Cisco ASA 5505 firewall and one Cisco 3560 layer 3 switch.
From ISP side
I have point-to-point leased line between sites A and B. And both sites have internet connectivity from another ISP.
I planned to terminate the leased line on the Cisco 1841 router in both branches for branch-to-branch connectivity.
I will configure a site-to-site VPN between the two sites, A and B.
My query is: I want to make the VPN the failover connectivity if the leased line fails. In both cases, I need internet for the inside users on both sides.
Please give me suggestions to configure this requirement.
Summary requirement:
Leased line is Primary and VPN is Back-up, if leased line fails. In both cases internet is needed to inside users.
I am attaching design diagram below.
Regards,
MJR
07-16-2011 05:20 AM
Just run dynamic routing protocols on your routers, send traffic from site A towards site B via the leased line, and if the leased line fails, then route the traffic towards the respective ASA firewalls to build the VPN connection.
07-18-2011 03:08 AM
Hi Jennifer Halim,
Got your answer.
But I had two queries:
1. If the leased line fails, how will my traffic be forwarded through the VPN?
2. Whether the leased line is working or fails, in both cases I need internet for my internal users.
How are these two possible?
Regards,
Janardhan
07-18-2011 05:40 AM
Hi Janardhan,
1. Using dynamic routing protocols, it will detect that the leased line has failed, and instead of routing it through the leased line, the dynamic routing protocols will route it towards the ASA firewalls. Once traffic is being routed towards the ASA firewalls, the ASA will establish the VPN towards the peer site.
2. Internal users will continue to use the respective ASA to access the internet whether or not the leased line is working.
Basically, the default gateway for the internal users will be set to the ASA, so they can access the internet.
The remote LAN for each site will be configured with dynamic routing protocols to prefer the leased line over the ASA. If the leased line fails, then the ASA should be the next preferred route to access the remote LAN.
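One way to realize the route preference described in this thread, as an added example that is not from any poster: the Site-A 3560 learns the remote LAN over the leased line via OSPF and falls back to a floating static route toward the ASA. It swaps in a floating static for the backup path instead of running a routing protocol through the ASA, and assumes the 3560 is the routing hop for the inside LAN; all addresses and the VLAN number are constructed.

```cisco
! Site-A Cisco 3560 (constructed addressing; mirror on Site-B with the LANs swapped)
!   Site-A LAN 10.1.0.0/16, Site-B LAN 10.2.0.0/16
!   transit VLAN 255, 10.1.255.0/24: 3560 = .1, 1841 = .2, ASA inside = .3
ip routing
!
! Primary path: learn 10.2.0.0/16 from the 1841 via OSPF (administrative distance 110).
! The two 1841s must also run OSPF across the leased line, so that the route
! is withdrawn when the line goes down.
router ospf 1
 ! Form adjacencies only on the transit VLAN, never on user-facing VLANs.
 passive-interface default
 no passive-interface Vlan255
 network 10.1.0.0 0.0.255.255 area 0
!
! Backup path: floating static toward the ASA with administrative distance 250.
! It is installed only when the OSPF route for 10.2.0.0/16 is gone.
! The ASA's crypto ACL and NAT exemption must cover 10.1.0.0/16 -> 10.2.0.0/16,
! so that rerouted site-to-site traffic is encrypted rather than sent out as
! ordinary internet traffic.
ip route 10.2.0.0 255.255.0.0 10.1.255.3 250
!
! Internet: the default route always points at the ASA, whatever the leased line state.
ip route 0.0.0.0 0.0.0.0 10.1.255.3
```

On the 3560, `show ip route 10.2.0.0` should report an OSPF route via 10.1.255.2 while the leased line is up and the static route via 10.1.255.3 after it fails.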