Greetings all,
So here is the challenge I am comming up against. I have a 1941 router with the security licence. I am setting up both a T1 wic that connects to my enterprise MPLS cloud and one of the two gig interfaces that will connect to my home office through a VPN tunnel to a ASA 5520. I have tried multiple solutions though my gues is that I am making this WAY more difficult than it needs to be. What I am trying to create is a primary on the serial interface and then a failover through the VPN.
Any thoughts, suggestions are VERY welcome!
So far, I have tried to:
Track the serial interface and then set the default route, based on the tracking
Create an IP SLA to echo the gateway of the serial interface to change the routing
Started to create HSRP between the two interfaces though I could not figure out if / how a standby could be put into a sub-interface on the serial
The SLA seems to be working somewhat. The problem is that it is not transparent and sometimes even needs me to clear the VPN tunnel to get things back to smoothly through the serial interface.
Like I said, I am guessing that I am going about this in a WAY to complicated way.
track 20 interface GigabitEthernet0/1 line-protocol
!
track 123 ip sla 1 reachability
crypto map LEVY-CRYMAP 10 ipsec-isakmp
set peer 9.8.7.6 default
set transform-set ESP-AES-256-SHA
set pfs group1
match address CRYPTO-ACL
reverse-route
interface GigabitEthernet0/1
description $ES_LAN$
ip address 1.2.3.4 255.255.255.248
ip flow ingress
duplex auto
speed auto
crypto map LEVY-CRYMAP
ip route 0.0.0.0 0.0.0.0 1.2.3.4.174 15 track 20
ip route 0.0.0.0 0.0.0.0 5.6.7.8 153 track 123
ip access-list extended CRYPTO-ACL
permit ip 10.10.91.0 0.0.0.255 any
permit ip 10.14.91.0 0.0.0.255 any
permit ip host 10.30.91.1 any
deny ip any any
ip sla 1
icmp-echo 5.6.7.8
ip sla schedule 1 life forever start-time now
event manager applet clearcrypto
event track 123 state any
action ds cli command "clear crypto sessions"
!
Thanks in advance,
David