
Dialbackup for IPSec tunnel?

jason.aarons
Level 1

How can I monitor an IPSec tunnel on an IOS Router 2600XM, and if the tunnel is down bring up an ISDN "dialer interface"?

Currently I have:

    interface fa0.1
     des internet cable modem
     encap dot1q 1
     ip addr 24.24.23.1 255.255.255.0
     crypto map IPSecTunnel
    !
    interface fa0.2
     description Internal LAN
     encap dot1q 2
     ip addr 10.0.0.1 255.255.255.0
    !
    ip route 0.0.0.0 0.0.0.0 24.25.20.1
    ip route 0.0.0.0 0.0.0.0 dialer1 220

But the dialer never goes up because the route never goes down when the Internet core has problems. I've found a dialer only works if the physical ethernet goes down. What about if the IPSec peer is unreachable?

1 Reply 1

Richard Burts
Hall of Fame

With IPSec tunnels it is difficult to trigger changes based on losing connectivity to the remote peer. I faced this challenge in a network for a customer recently and found a solution using GRE tunnels, with IPSec over the tunnel and a dynamic routing protocol over the tunnel. If the dynamic routing protocol advertises a default route, it is feasible to configure a floating static route for the default route which would use the dialer only if the dynamic route from the peer is removed from the table.

HTH

Rick
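
One way to lay out the design described in the reply above, as an added example that is not part of the original thread and is not either poster's configuration. Assumptions: GRE is protected by the existing crypto map IPSecTunnel in transport mode, EIGRP AS 100 is the routing protocol, the head end advertises a default route over the tunnel, and the peer address 198.51.100.1, tunnel subnet 172.16.0.0/30, ACL 110 and the pre-shared key are constructed placeholders.

```cisco
! Added example; peer address, tunnel subnet, ACL number, key and EIGRP AS are placeholders
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key <PRE_SHARED_KEY> address 198.51.100.1
! Dead peer detection so stale SAs are torn down when the peer stops answering
crypto isakmp keepalive 10 3
!
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 mode transport
!
! Encrypt only the GRE traffic between the two tunnel endpoints
access-list 110 permit gre host 24.24.23.1 host 198.51.100.1
!
crypto map IPSecTunnel 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-TS
 match address 110
!
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 tunnel source 24.24.23.1
 tunnel destination 198.51.100.1
!
! Routing adjacency runs inside the tunnel; losing the peer expires the neighbor
router eigrp 100
 network 172.16.0.0 0.0.0.3
 network 10.0.0.0 0.0.0.255
 no auto-summary
!
! The static default via the cable modem is replaced by a host route to the peer,
! so the tunnel endpoint stays reachable without holding the default route up
no ip route 0.0.0.0 0.0.0.0 24.25.20.1
ip route 198.51.100.1 255.255.255.255 24.25.20.1
!
! Floating static: installed only when the default learned over the tunnel is withdrawn
ip route 0.0.0.0 0.0.0.0 Dialer1 220
```

While the tunnel is healthy, `show ip route 0.0.0.0` should list the default as learned from EIGRP; once the neighbor across the tunnel times out, the distance-220 route via Dialer1 takes its place and interesting traffic can raise the ISDN call.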