03-30-2015 09:23 AM - edited 03-05-2019 01:07 AM
Hello everyone,
I need to build a resilient VPN solution based on the CISCO 866 VAE-K9 routers,
I have: three sites, each has one DSL and one analogue telephone line,
two of them have a static and known IP from their ISP, one will be assigned some
IP every 24 hours, IP may be different.
The sites should be connected over secure VPN through DSL.
If DSL fails, (remote target not accessible even if DSL line still UP),
a dial-up connection through an external modem/telephone line
should be established (or better it had been already established to reduce
down time?) and VPN should continue to work over this connection.
Wenn/If the DSL comes back, the traffic should go again over the better DSL connection.
Should floating routes be used || dynamic some routing protocol (OSPF?)
I am sure there must be standard solutions for that, I but I failed to find a suitable one,
I will very much appreciate if you could suggest some solution || point me out to some howto docs.
Best regards,
Yury
Solved! Go to Solution.
03-31-2015 10:19 AM
Yuri,
Consider bringing up a full mesh of VTI ipsec tunnels between your routers and then running ospf between all of them. This will do the job.
Alternatively, you could use floating static routes with a tracked route linked to a IP SLA configuration, where let's say the router automatically pings the other router across the primary path, and when/if that ping does not respond, the route will switch over to the dial-up route.
03-31-2015 10:19 AM
Yuri,
Consider bringing up a full mesh of VTI ipsec tunnels between your routers and then running ospf between all of them. This will do the job.
Alternatively, you could use floating static routes with a tracked route linked to a IP SLA configuration, where let's say the router automatically pings the other router across the primary path, and when/if that ping does not respond, the route will switch over to the dial-up route.
04-01-2015 04:57 AM
Hi, thanks a lot for your answer,
would you suggest to ping the public IPs of the routers,
the IP of the GRE tunnel or some internal IP available over
VPN/GRE? (for me the last one sounds the best)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide