05-15-2013 05:00 AM - edited 03-04-2019 07:54 PM
hello,
I have configured two WAN (one of it is vpn) on router, traffic is divided and going to the same localisation (lan 10.1.0.0), my route looks like:
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.100.9
ip route 10.1.0.153 255.255.255.255 80.x.x.25 permament
Most of traffic going through Fa0/1 interface (192.168.100.10), one connection to 10.1.0.153 going through VPN serial0/0/0 (80.x.x.25)
Everything works good but when I simulate VPN fail, then connection to 10.1.0.153 is inaccessible.
Help me configure router to switch route to second WAN (FA0/1) when VPN fail?
05-15-2013 05:36 AM
Hello,
how do you simulate the VPN fail?.
You are using the keywork "permanent" that meaning that the static route exists in the routing table even though
the serial interface is down. So if you create a static route (without "permanent" keywork) and shutdown the serial interface, the static route will disappear because next hop is unreachable. Then, all traffic will be forward to 192.168.100.9 (default route).
Regards
05-15-2013 06:08 AM
I simulate VPN simply by disable it on sonicwall 10.1.0.0 LAN.
sorry but your sugesstion not work, I've removed permanent work from ip route, but when VPN is disabled connection from/to 10.1.0.153 not work.
05-15-2013 07:26 AM
Hello,
my post tell that the physical interface serial 0/0/0 must be down. If serial0/0/0 interface is up/up the route
does not disppear.
Another interesting feature is ip sla. You can create a track object and associated to VPN static route.
If you are interested, please send us your plataform and IOS to check if this feature is supported.
Regards.
05-15-2013 07:41 AM
Hello
Can you show to our your show ip route command when you simulate VPN down?
If static route exist (10.1.0.153 255.255.255.255 80.x.x.25) in routing table, but next hop is unreachable
. Your second connection by default route will not work.
80.x.x.25 is this IP directly connected or you have some transparent devices ?
I suggest to configure IP SLA to track next-hop IP address 80.x.x.25
Hope this helps.
05-15-2013 12:11 PM
thanks you for all,
I have configured IP SLA to check my VPN link, this feature works very good
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide