Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
171
Views
0
Helpful
1
Replies
ngthen
Beginner
Beginner
‎07-31-2014 05:15 AM
‎07-31-2014 05:15 AM

Dual ISP with VPN failover

I have a remote site that has a 2851 currently with a single ISP and VPN site-to-site back to my HQ.  I would like to add a second ISP at the remote site for fail-over as the Internet connection at the location is somewhat unstable.  My HQ is fully redundant already with dual ISPs and eBGP.  To comply with corporate policy I tunnel all traffic back to HQ for inspection, content filtering, SSL decryption, etc.  I'd prefer to use a tunnel interface with this setup as I can do more with ACLs and security opposed to crypto-maps.

Is it possible in the IOS to do the following?

  1. Establish a site-to-site tunnel using ISP1 and aggressive mode (works easier at HQ when 2 ISPs are invloved) back to HQ.
  2. If ISP1 fails detect and switch over to ISP2.
  3. Re-establish the VPN tunnel with ISP2 back to HQ.
  4. Detect ISP1 is back up and flip back.

I could do this with 2 routers and HSRP but that would involve changing the way things work at HQ with the routing and I would like to avoid that if possible to not introduce more changes.  Any thoughts on how to do it would be appreciated.  Thanks in advance.

 

Labels:
0 Helpful
1 REPLY 1
tech.linkwave
Beginner
Beginner
‎08-09-2015 10:52 AM
‎08-09-2015 10:52 AM

HI did you get the solution ?

 

i am also looking forward for a solution to get the VPN fail over, right now  have 2 routers each connected to different ISP with static ip. INternet fail over is working fine and even VPN tunnel is also fine but i do not know how to configure the VPN failover... do you have any idea about it ?

 

Thanks,

Sandy

0 Helpful
Latest Contents
Cisco DNA Software Demo Series - Cisco ThousandEyes
Created by gajewell on 04-20-2021 02:37 PM
0
0
0
0
Cisco DNA Software Demo Series - Cisco ThousandEyesRegister nowWednesday, May 12, 202110:00 am Pacific Daylight Time(San Francisco, GMT-07:00)SaaS applications and cloud-based services are increasingly critical for on-campus users, but they can be challen... view more
**New Episode** Cisco Champion Radio: S8|E16 Cisco Smart Bui...
Created by aalesna on 04-19-2021 07:21 PM
0
0
0
0
New Cisco Champion Radio release on Cisco Smart Building SolutionsListen: https://smarturl.it/CCRS8E16Follow us: https://twitter.com/CiscoChampion Now more than ever, sustainable and flexible building designs are at the forefront of every develo... view more
Configuring MACsec Switch to Host with ISE
Created by Timothy Glen on 04-19-2021 12:43 PM
0
5
0
5
DRAFT -- THIS DOCUMENT IS STILL IN DRAFT FORM Summary MACsec is IEEE standard 802.1AE. It was developed by the IEEE to compliment the 802.1X-2004 standard. MACsec was developed to allow authorized systems to connect and then encrypt data that is transmitt... view more
SD-WAN Overview & Advanced Deployment Lab | Part.1
Created by Mohamed Alhenawy on 04-16-2021 12:13 AM
1
15
1
15
Today I'm going to talk about SD-wan including SD-WAN advanced lab ,, first thing let's take a small brief about the SD_WAN.  What is SD-WAN?   SD-WAN is Software define wide area network and SD-WAN is key part of the technology o... view more
Cisco Meraki IoT specialist will introduce you to new and in...
Created by sullskog on 04-15-2021 01:09 AM
0
0
0
0
Leopold Fisher, Cisco Meraki IoT specialist, will introduce you to new and innovative additions to the Meraki portfolio coming in April 2021.         Meraki Vision Session MV smart camera range is getting big... view more
Content for Community-Ad