05-25-2005 10:56 AM - edited 02-21-2020 12:10 AM
I am looking at going with 2811 routers at the branch offices running a T1 connection and then a (DSL/cable) connection to one of the FastEthernet ports. Then running a 2851 at the corporate office. The issue is trying to find a VPN failover solution. I am told by Cisco reps that it can be done but they cannot show me any configs to test it. Here is what I am trying to do.
Remote offices: 2811
·T1 connection with ATT with a T1-WIC
·DSL or CABLE connection with the Fastethernet0/0
·Fastethernet0/1 connected to the local LAN as gateway address for users.
·VPN connection over T1 to Main office 2851
·T1 connection gets disconnected (no routing no connection)
·VPN gets reconnected over the Fastethernet0/0 (DSL or Cable) back to Main office 2851
·T1 connection comes back on
·T1 vpn reconnected and the Fastethernet (DSL or Cable) vpn connection released.
No one can show me any configs that I could look at to see how it would work. Does anyone have anything they can share or tell me?
05-25-2005 12:18 PM
If I understand what you are asking for, the problem you will have is with configuring IPSec to have two different routes/IP addresses/IPSec peers. Believe it or not, Cisco does not support (to my knowledge) doing what you are asking for with just one router.
The problem is having dual routes to a single IPSec/ISAKMP destination. AKA, the IPSec session can come from either the T1 address, or the DSL address.
We do exactly what you are looking to do, but we use 2 routers (actually, 3 routers, but that's a longer explanation).
BID is the remote site, rtr03 is the T1, rtr02 is the DSL.
LAB and SPAH are the data center hub routers. We've been running this configuration for over 5 years now, runs great. The reliability of these connections is very good. The biggest issue that we've run into is that circuits would fail and no one would notice that they were down, sometimes for days. Since Cisco added GRE keepalives, this problem has been eliminated.
The network is around 300 routers, with various numbers of tunnels per router, depending on connectivity needs. The configurations are generated and managed by a central system.
There may be other solutions to the problem, but this is the solution that we use, it works very well.
05-31-2005 06:08 PM
I would suggest that you have 2 tunnels. And route your traffic via tunnel 1 (via the T1 connection) at a cost smaller than tunnel 2 (via the DSL connection). So basically, the router will select the tunnel 1 routing path first because the cost is smaller. Hence if the T1 is down, then your tunnel 1 will go down, and the router will select the tunnel 2 routing path.
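One way to write the two-tunnel suggestion above as a branch-router IOS configuration, combined with the GRE keepalives mentioned earlier in the thread; this is an added example, not a configuration posted by anyone in the thread. Assumptions: the hub 2851 terminates each tunnel on its own public address, all addresses are constructed documentation-range values, Serial0/0/0 is the T1 WIC, 10.0.0.0/16 is the corporate prefix, and the pre-shared key is a placeholder.

```ios
! Constructed example: addresses, names and key are placeholders.
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER-KEY address 203.0.113.1
crypto isakmp key PLACEHOLDER-KEY address 203.0.113.2
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 mode transport
! Each ACL matches only the GRE packets of one tunnel.
ip access-list extended GRE-T1
 permit gre host 192.0.2.2 host 203.0.113.1
ip access-list extended GRE-DSL
 permit gre host 198.51.100.2 host 203.0.113.2
crypto map VPN-T1 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set GRE-TS
 match address GRE-T1
crypto map VPN-DSL 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set GRE-TS
 match address GRE-DSL
interface Serial0/0/0
 ip address 192.0.2.2 255.255.255.252
 crypto map VPN-T1
interface FastEthernet0/0
 ip address 198.51.100.2 255.255.255.252
 crypto map VPN-DSL
! keepalive 10 3: tunnel line protocol drops after 3 missed 10-second probes.
interface Tunnel1
 ip address 10.255.1.2 255.255.255.252
 tunnel source Serial0/0/0
 tunnel destination 203.0.113.1
 keepalive 10 3
interface Tunnel2
 ip address 10.255.2.2 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 203.0.113.2
 keepalive 10 3
! Pin each hub address to its own circuit. The Null0 floating routes stop
! GRE for a failed circuit from leaving unencrypted via the other interface.
ip route 203.0.113.1 255.255.255.255 192.0.2.1
ip route 203.0.113.1 255.255.255.255 Null0 250
ip route 203.0.113.2 255.255.255.255 198.51.100.1
ip route 203.0.113.2 255.255.255.255 Null0 250
! Corporate prefix: Tunnel1 is preferred, Tunnel2 is a floating static.
ip route 10.0.0.0 255.255.0.0 Tunnel1
ip route 10.0.0.0 255.255.0.0 Tunnel2 250
```

When the T1 returns, Tunnel1's keepalives succeed again, its static route is reinstalled, and traffic moves back off the DSL tunnel without operator action.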