cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
171
Views
0
Helpful
1
Replies
ngthen
Beginner

Dual ISP with VPN failover

I have a remote site that has a 2851 currently with a single ISP and VPN site-to-site back to my HQ.  I would like to add a second ISP at the remote site for fail-over as the Internet connection at the location is somewhat unstable.  My HQ is fully redundant already with dual ISPs and eBGP.  To comply with corporate policy I tunnel all traffic back to HQ for inspection, content filtering, SSL decryption, etc.  I'd prefer to use a tunnel interface with this setup as I can do more with ACLs and security opposed to crypto-maps.

Is it possible in the IOS to do the following?

  1. Establish a site-to-site tunnel using ISP1 and aggressive mode (works easier at HQ when 2 ISPs are invloved) back to HQ.
  2. If ISP1 fails detect and switch over to ISP2.
  3. Re-establish the VPN tunnel with ISP2 back to HQ.
  4. Detect ISP1 is back up and flip back.

I could do this with 2 routers and HSRP but that would involve changing the way things work at HQ with the routing and I would like to avoid that if possible to not introduce more changes.  Any thoughts on how to do it would be appreciated.  Thanks in advance.

 

1 REPLY 1
tech.linkwave
Beginner

HI did you get the solution ?

 

i am also looking forward for a solution to get the VPN fail over, right now  have 2 routers each connected to different ISP with static ip. INternet fail over is working fine and even VPN tunnel is also fine but i do not know how to configure the VPN failover... do you have any idea about it ?

 

Thanks,

Sandy