Resilient VPN configuration on c866 VAE-K9

ypakhomenko
Level 1

Hello everyone,

I need to build a resilient VPN solution based on Cisco 866 VAE-K9 routers.
I have three sites, each with one DSL and one analogue telephone line.
Two of them have a static and known IP from their ISP; one will be assigned some
IP every 24 hours, and the IP may be different.

The sites should be connected over secure VPN through DSL.
If DSL fails, (remote target not accessible even if DSL line still UP),
a dial-up connection through an external modem/telephone line
should be established (or better it had been already established to reduce
down time?) and VPN should continue to work over this connection.

If the DSL comes back, the traffic should go over the better DSL connection again.

Should floating routes be used, or some dynamic routing protocol (OSPF?)

I am sure there must be standard solutions for that, but I failed to find a suitable one.
I would very much appreciate it if you could suggest some solution or point me to some howto docs.

Best regards,
Yury

Accepted Solutions

mattp0002
Level 1

Yuri,

Consider bringing up a full mesh of VTI IPsec tunnels between your routers and then running OSPF between all of them.  This will do the job.

Alternatively, you could use floating static routes with a tracked route linked to an IP SLA configuration, where, let's say, the router automatically pings the other router across the primary path, and when/if that ping does not respond, the route will switch over to the dial-up route.
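
The floating-static alternative from the answer above, sketched as an added example that is not part of the original post. It assumes two IPsec VTIs already exist (hypothetical `Tunnel0` over DSL and `Tunnel1` over the dial-up line), that the IOS image on the router supports IP SLA and object tracking, and that every address shown is a placeholder; probing the far end of the primary tunnel is one possible choice of target.

```cisco
! Constructed example: interface names and addresses are placeholders.
! Tunnel0 = IPsec VTI over DSL (primary)
! Tunnel1 = IPsec VTI over dial-up (backup)
! 172.16.0.2 = far-end address of Tunnel0, 10.2.0.0/24 = remote site LAN
!
! Probe the far end of the primary tunnel every 10 s with a 2 s timeout.
! The target is on Tunnel0's connected subnet, so the probe can never be
! answered via the backup path and report a false "up".
ip sla 1
 icmp-echo 172.16.0.2 source-interface Tunnel0
 threshold 2000
 timeout 2000
 frequency 10
ip sla schedule 1 life forever start-time now
!
! The track object follows the probe. The delays damp flapping on a
! marginal DSL line: fail over after 30 s of loss, fail back after 60 s
! of sustained reachability.
track 10 ip sla 1 reachability
 delay down 30 up 60
!
! Primary route: present in the routing table only while track 10 is up.
ip route 10.2.0.0 255.255.255.0 Tunnel0 track 10
!
! Floating static: administrative distance 250, so it is used only after
! the tracked route has been withdrawn.
ip route 10.2.0.0 255.255.255.0 Tunnel1 250
```

Both routes point at tunnel interfaces, so a failover never sends inter-site traffic outside IPsec. `show track 10`, `show ip sla statistics 1` and `show ip route 10.2.0.0` show which path is active and why.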


Hi, thanks a lot for your answer,

would you suggest to ping the public IPs of the routers, the IP of the GRE tunnel or some internal IP available over VPN/GRE? (for me the last one sounds the best)
