Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
715
Views
0
Helpful
3
Replies

Redundant VPN Connection & Routing

sometechguy
Level 1
Level 1

‎06-04-2008 06:35 AM - edited ‎03-03-2019 10:13 PM

We have a remote site with a T1 connection and a backup DSL line. On the DSL line, I would like to place an ASA 5505 with an "always-on" LAN-to-LAN tunnel back to our network. Of course, this would be so that if the T1 circuit failed, it would failover to the VPN tunnel over the DSL line. My question: Since the VPN Concentrator at the main site does not support EIGRP (used across the LAN/WAN), how do I configure routing at the main site to allow for this "failover"?

Labels:
0 Helpful
3 Replies 3

sdoremus33
Level 3
Level 3

‎06-04-2008 09:09 AM

When you say the VPN concentrator will not support EIGRP RP, what if you set up a GRE tunell from remote site to your LAN. Just a suggestion. HTH

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎06-04-2008 09:15 AM

Chris

How to do this would depend somewhat on the topology of the network at the main site. Would I be correct in assuming that the interface at the main site that would be running the IPSec VPN would be different from the interface that is receiving the T1 from the remote? If so then EIGRP over the T1 will know if the T1 is working or not and if it is not then the route to the remote site over the T1 would be withdrawn from the routing table. If you had a floating static route configured it could point to the remote site through the interface running IPSec and with the crypto map that would recognize the traffic to the remote and process it through IPSec.

So a floating static route at the main site showing the remote as reachable through the IPSec interface would be the simple solution. If the topology is different then we may need to look for a different solution.

[edit] I realize that I slightly misunderstood the original post. I assumed that you would run IPSec VPN from the router that receives the T1 from the remote. I now see that you are talking about a VPN concentrator for site to site. I think most of my answer is still appropriate. A floating static route should work, but instead of my suggestion about the interface which processes IPSec the floating static would point to the interface which leads to the concentrator.

HTH

Rick

HTH

Rick
0 Helpful

sometechguy
Level 1
Level 1
In response to Richard Burts

‎06-05-2008 07:19 AM

Thank you for the quick response.

The topology is as follows:

CoreRouterA <-> CoreRouterB

CoreRouterA -> VPN Concentrator

CoreRouterB -> RouterC

RouterC ->T1 RemoteSite

VPN Concentrator ->IPSEC Remote Site

Make sense?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card