Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
0
Helpful
5
Replies

Using VPN as a backup to Frame-Relay

somanabich
Level 1
Level 1

‎08-03-2004 11:53 PM - edited ‎03-02-2019 05:31 PM

I want to achieve the following

I have two major offices, Each has a 512k link to the Internet. I have a FR circuit between them.

Each internet connection will be protected by a PIX firewall.

I want to use a VPN connection (using the PIX firwalls) through the Internet when the FR fails.

I have a fair idea how to redirect packets to be redirected to the PIX firewall (floating static route), however what happens when the DR comes back up.

All the clients on the LAN have the Default gateway set to the router.

Would using SAA/RTR aid in this type of scenario?

ANy ideas?

Labels:
0 Helpful
5 Replies 5

serdarkut
Level 1
Level 1

‎08-04-2004 03:06 AM

if the main link gets down, then the static route will be purged out of routing table, and so floating static will be used. when DR comes back up, then the normal static route will be placed on routing table with lower administrative distance.so it will be used instead of floating static route...

any points i misunderstood?

regards

0 Helpful

vcjones
Level 5
Level 5
In response to serdarkut

‎08-04-2004 05:00 AM

What you propose will work fine. The only thing to watch out for is detecting when the frame relay link fails. Easiest is to use Cisco's "frame relay end-to-end keepalive" extension. If you can't use that, then you will need to run a routing protocol, otherwise your floating static route may not activate when the frame relay fails without taking down the interface (which frame relay does from time to time).

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com

0 Helpful

somanabich
Level 1
Level 1
In response to vcjones

‎08-05-2004 10:10 PM

Thanks.

This scenario works, however how can I test the scenario, when the FR comes back up, will the clients query there default router so that packets will be sent back across the FR link?

Any comments would be helpful.

0 Helpful

vcjones
Level 5
Level 5
In response to somanabich

‎08-06-2004 06:07 PM

Configure the Cisco router to supress ICMP redirects on the Ethernet interface and have your primary router do one-armed routing when in backup mode. If you're LAN lacks adequate capacity to handle the load, put the DSL router on a second Ethernet interface on the router so there is no need to reroute on the LAN side.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com

0 Helpful

somanabich
Level 1
Level 1
In response to vcjones

‎08-09-2004 09:51 PM

Sorry for my ignorance, but why would I disable ICMP and what is one-armed routing.

I guess using a second interface would work, as it would be a seperate subnet, therefore my workstations would have to go through the router.

Thanks for the response.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card