cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
503
Views
5
Helpful
5
Replies

dual wan and backup route in case fail

Wojciech Zuk
Level 1
Level 1

hello,

I have configured two WAN (one of it is vpn) on router, traffic is divided and going to the same localisation (lan 10.1.0.0), my route looks like:

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.100.9

ip route 10.1.0.153 255.255.255.255 80.x.x.25 permament

Most of traffic going through Fa0/1 interface (192.168.100.10), one connection to 10.1.0.153 going through VPN serial0/0/0 (80.x.x.25)

Everything works good but when I simulate VPN fail, then connection to 10.1.0.153 is inaccessible.

Help me configure router to switch route to second WAN (FA0/1) when VPN fail?

5 Replies 5

antonio.guirado
Level 3
Level 3

Hello,

how do you simulate the VPN fail?.

You are using the keywork "permanent" that meaning that the static route exists in the routing table even though

the serial interface is down. So if you create a static route (without "permanent" keywork) and shutdown the serial interface, the static route will disappear because next hop is unreachable. Then, all traffic will be forward to 192.168.100.9 (default route).

Regards

I simulate VPN simply by disable it on sonicwall 10.1.0.0 LAN.

sorry but your sugesstion not work, I've removed permanent work from ip route, but when VPN is disabled connection from/to 10.1.0.153 not work.

Hello,

my post tell that the physical interface serial  0/0/0 must be down. If serial0/0/0 interface is up/up the route

does not disppear.

Another interesting feature is ip sla. You can create a track object and associated to VPN static route.

If you are interested, please send us your plataform and IOS to check if this feature is supported.

Regards.

Hello

Can you show to our your show ip route command when you simulate VPN down?

If static route exist (10.1.0.153 255.255.255.255 80.x.x.25) in routing table, but next hop is unreachable

. Your second connection by default route will not work.

80.x.x.25 is this IP directly connected or you have some transparent devices ?

I suggest to configure IP SLA to track next-hop IP address 80.x.x.25

Hope this helps.


thanks you for all,

I have configured IP SLA to check my VPN link, this feature works very good

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: