09-12-2013 03:46 AM - edited 03-04-2019 09:00 PM
Hi,
I have a 1900 router in a remote location with one LAN and two external connections A & B.
Connection A is a wireless point to point back to HQ (layer 2)
Connection B is a DSL running an IPSEC VPN back to HQ (layer 3)
Connection A is the live link running layer 2 so the HQ subnet is spanned out to the remote location.
I want to make the remote site layer 3 and use Connection B as a backup.
But how can I run both connections for redundancy without the crypto taking precedence over the wireless point to point, which will have a default static route with metric 1, whereas the VPN will be a default route with metric 2?
Is there a command or config to allow the routes to get checked first before the crypto? I hope I have explained this well enough.
Thanks
F
09-12-2013 02:13 PM
I can't really picture this. Do the clients at the remote location have the same IP addressing as the clients at the head office? Does the remote location access the Internet through the head office?
In any case using static routes will require you to manually make a change whenever a link fails. It may be best to run a routing protocol over the wireless link or static routes with tracking and have a backup default route that points to the head office over the DSL link.
09-12-2013 07:15 PM
Hi Fergal,
An IPSec VPN as a backup link is a normal setup; this should work fine. Can you post your remote router's config, maybe just something simple?
HTH,
Lei Tian
09-25-2013 07:24 AM
Hi Lei Tian,
I have implemented this solution yet but speaking with others apparently crypto does take precedence over a static route.
Is there documentation anywhere to prove this? I proposed the solution to the customer thinking the very same as you stated but now I'm doubtful.
Fergal
09-25-2013 07:41 AM
Hi Fergal, just keep in mind that routing has to take place before you can encrypt. In other words, the router has to determine the exit interface for the destination before encryption can be applied, which means if you have a static route that sends traffic over your primary link then that is where the traffic will go. If the primary link is down/disconnected will you be able to send traffic over the backup link whether manually or automatically. My thoughts on how to accomplish that are in my previous post.
I believe there is an order of operation document for routers somewhere, I will see if I can find it.
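Added example, not part of any post in this thread: a sketch of the tracked primary route plus floating backup route discussed above, with the crypto map bound only to the DSL interface so that only traffic routed out that interface is matched for encryption. All interface names, addresses, object names and timers are assumptions; the ISAKMP policy and key are omitted.

```cisco
! Constructed example: every address, interface and name below is a placeholder.
! Probe the HQ end of the wireless point to point link.
ip sla 10
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Track object follows the probe; delays damp flapping on a lossy radio link.
track 10 ip sla 10 reachability
 delay down 10 up 30
!
! Primary: default route over the wireless link, installed only while track 10 is up.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 10
! Backup: floating static (administrative distance 2) out the DSL interface.
! It enters the routing table only when the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 Dialer1 2
!
! Interesting traffic for the VPN: remote LAN to HQ LAN (assumed subnets).
ip access-list extended VPN-TO-HQ
 permit ip 10.20.0.0 0.0.0.255 10.10.0.0 0.0.0.255
!
crypto ipsec transform-set TS-HQ esp-aes 256 esp-sha-hmac
!
crypto map BACKUP-VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-HQ
 match address VPN-TO-HQ
!
! The crypto map is evaluated on egress from Dialer1 only. Packets that the
! routing table sends out GigabitEthernet0/0 never reach it.
interface Dialer1
 crypto map BACKUP-VPN
```

`show track 10` and `show ip route 0.0.0.0` confirm which default route is installed, and `show crypto ipsec sa` on the remote router should show encrypted packet counters increasing only while the backup route is active.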