03-27-2003 11:51 AM - edited 02-20-2020 10:39 PM
A 2611 router is connected to the Internet through an Ethernet port to the ISP. It is also configured to allow VPN connections from remote clients.
Issue:
The client is now worried that if the outside link to the ISP goes down, none of the users on the Internet will be able to connect through the VPN. He wants to have a backup link to the Internet in case the first link is down. But the problem is:
How do I configure the backup link to allow incoming vpn connection when the first link is down?
Is this possible? Any example or scenario?
Thanks
Richard
03-27-2003 09:05 PM
Hi,
You need to terminate your VPN tunnels on a loopback IP address (cry map map-name local-address lo1, e.g.), and then you can configure two default routes (one with a higher AD pointing to the interface configured for the backup ISP), so that route is used when the primary link is down.
Basically, your loopback address will be up all the time, and routing will be done via active ISP.
Thx
Afaq
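An IOS configuration sketch of the approach described in the reply above, added here as an example and not posted by anyone in the thread. It assumes a crypto map (called VPNMAP here) already exists for the remote clients; the interface names and all addresses are placeholders from the documentation ranges.

```cisco
! Added example. VPNMAP, interface names and addresses are placeholders.
! Assumes crypto map VPNMAP is already defined for the remote clients.
!
! Loopback used as the VPN termination point. It stays up regardless of
! the state of either ISP link. Its address must be reachable from the
! Internet through both ISPs, or clients cannot reach it after failover.
interface Loopback1
 ip address 203.0.113.1 255.255.255.255
!
! Use the loopback address as the local IKE/IPSec endpoint instead of
! the address of whichever interface the traffic leaves through.
crypto map VPNMAP local-address Loopback1
!
! Primary ISP link
interface Ethernet0/0
 ip address 192.0.2.2 255.255.255.252
 crypto map VPNMAP
!
! Backup ISP link, with the same crypto map applied
interface Ethernet0/1
 ip address 198.51.100.2 255.255.255.252
 crypto map VPNMAP
!
! Primary default route (static routes default to administrative distance 1)
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! Floating static default route through the backup ISP. The higher
! administrative distance (250) keeps it out of the routing table until
! the primary route is withdrawn.
! Caveat: the primary static route is withdrawn only when Ethernet0/0
! itself goes down. A failure further upstream leaves the interface up
! and the primary route in place.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
```

After a failover test, `show ip route 0.0.0.0` shows which default route is installed, and `show crypto isakmp sa` shows whether clients have re-established sessions to the loopback address.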
05-21-2003 09:41 PM
Hi Richard,
A permanent solution for link failure between your 2611 and the ISP is to have an HSRP standby group. I don't think just having a loopback address will solve your link failure problem. Rather, have another router connected to the same ISP and enable HSRP interface tracking so that if the first link goes down, the other can take over; in which case, the IPSec SAs created with the first router will be dropped and new SAs will be created with the second one.
Let me know if you need more info.
Naveen.