Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
681
Views
0
Helpful
1
Replies

Failover routing with vpn's

Robertjooste1
Level 1
Level 1

‎03-25-2013 03:14 AM - edited ‎03-04-2019 07:23 PM

Good day,

I've got a setup where we have a wireless connection coming in and using mikrotik router. We have multiple stores coming in via the wireless with a dmvpn.

The vpn's terminate on the cisco c870 and can be seen when running: show dmvpn

The cisco has a default route to the fibre router (10.0.0.252). The wireless router is the default gateway for the network. The failover from wireless to adsl fails. (due to the cisco routing traffic back to the wireless router when wireless fails)

If I change the default route on the cisco to dialer1, the failover works, but none of the vpn's connect. The Branches all have dynamic ip addresses. The HO has a static ip.

My goal: I want to achieve adsl failover for when the wireless goes down and still have the vpn's connected.

Can I have some sort of "Dynamic" route on the cisco. So when the vpn traffic comes in via wireless and hits the cisco, the vpn traffic can then go back out that way via the wireless router, but still have a default gateway on the dialer interface for failover?

*I can change default gateway of HO network if need be.

Labels:
0 Helpful
1 Reply 1

Abzal
Level 7
Level 7

‎03-25-2013 05:37 AM

Hi,

If I understood you correctly when you change default route to dialer interface Internet etc. works except vpn.

Did you exempt VPN's traffic from NATing?

For dynamic failover you can use IP SLA with tracking object.

Example:

Interface f0
Desc Connected wireless router
ip nat outside
...

Interface dialer1
ip nat outside
...

Ip sla 10
Icmp-echo 4.2.2.2

ip sla schedule 10 life forever start-time now
track 10 rtr 10 reachability

ip access-list 101 icmp any host 4.2.2.2

route-map PBR
match ip addr 101
set interface f0

ip local policy route-map PBR

ip route 0.0.0.0 0.0.0.0 track 10
ip route 0.0.0.0 0.0.0.0 dialer1 200

access-list 102 deny ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.0.255 any

route-map ISP1
match ip addr 102

route-map ISP2
match ip addr 102

ip nat inside source route-map ISP1 interface f0 overload
ip nat inside source route-map ISP2 interface dialer1 overload

Sent from Cisco Technical Support Android App

Best regards,
Abzal
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card