Route out redundant internet connection

fusmichaelt
Level 1

We have a six-node MPLS network; all nodes route to our main office for a variety of services (email, core, file shares, Internet, etc.). Therefore, the link to our main office is crucial. In the event that the MPLS link to/from our main office becomes unavailable, we would like to establish a secondary route into our main office via virtual private network. Our main office and two branch offices have redundant broadband internet connections.

We currently have Cisco 1921 routers as our branch routers and a Cisco 2800 as our “core” router at the main office. We also have two SonicWall TZ-200 series firewalls at the two branch locations and a SonicWall NSA-2400 at our main office. The VPN connection seems to work okay.

How would I configure my branch routers to advertise and route traffic out the VPN connection in the event that the MPLS leg to/from our main office is down?

I've attached a very basic diagram.

3 Replies

Abzal
Level 7

Hi,

You can simply put in a floating IP route. The primary link will be monitored by IP SLA, and in case of its failure the second link will take over. As soon as the primary link is restored, it will again be the default route to the network.

Here is an example:

https://supportforums.cisco.com/docs/DOC-8313

Hope it will help.

Best regards,
Abzal

Thanks for the reply. Our router does not have a connection to our backup internet connection; it just has the WAN MPLS connection and the LAN connection. We have a SonicWall that sits in front of the backup connection. The SonicWall is then plugged into our Cisco switch with a local LAN address (see image).

If the main connection to the MPLS cloud is down, the router would need to know to send it back out the LAN connection, through our switch, then out the backup connection.

Then again, I could be overcomplicating things :-)

This is what I would do:

1- Create a GRE tunnel between your HQ and the branch offices that have Internet connections.

2- Encrypt the GRE traffic with IPsec via the SonicWall firewall.

3- Now run a dynamic routing protocol over the GRE tunnel. The GRE interface, by design, will have a much higher metric than your MPLS.

Under normal conditions, MPLS will be the preferred route. If MPLS is not available by any means, GRE/IPsec will take over automatically. When MPLS is restored, everything will fall back to MPLS.

You just need to be careful what you inject into the GRE tunnel. A much cleaner solution than a floating route, IMHO.
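
A branch-router configuration for the three steps in the reply above, added here as an example and not taken from any poster's equipment. All addresses, the EIGRP AS number and the names are constructed, EIGRP is an assumed choice of dynamic protocol, and the MPLS routes are assumed to be learned with a better administrative distance (for example eBGP from the carrier). The IPsec policy lives on the SonicWalls and is not shown.

```cisco
! Added example: constructed values throughout (RFC 1918 addresses, AS 100, names).
! Assumed: branch LAN 10.20.0.0/24, router 10.20.0.1, SonicWall LAN 10.20.0.254,
! HQ core router LAN address 10.10.0.1, HQ networks inside 10.10.0.0/16.
!
! Pin the GRE endpoint to the SonicWall so tunnel packets always ride the
! IPsec VPN and can never be routed over MPLS or into the tunnel itself.
ip route 10.10.0.1 255.255.255.255 10.20.0.254
!
! Authenticate the routing adjacency so only the HQ router can become a neighbor.
key chain BACKUP-TUNNEL
 key 1
  key-string <shared-secret-placeholder>
!
interface Tunnel0
 description Backup GRE to HQ, carried inside the SonicWall IPsec VPN
 ip address 172.16.255.2 255.255.255.252
 ! Leave headroom for the GRE and IPsec headers added on the way out.
 ip mtu 1400
 ip tcp adjust-mss 1360
 keepalive 10 3
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 BACKUP-TUNNEL
 tunnel source GigabitEthernet0/1
 tunnel destination 10.10.0.1
!
! Control what is injected: only the branch LAN goes into the tunnel,
! and only HQ prefixes (never the /32 tunnel endpoint) are accepted back.
ip prefix-list BRANCH-OUT seq 10 permit 10.20.0.0/24
ip prefix-list FROM-HQ seq 10 permit 10.10.0.0/16 le 24
!
router eigrp 100
 network 172.16.255.0 0.0.0.3
 network 10.20.0.0 0.0.0.255
 passive-interface GigabitEthernet0/1
 distribute-list prefix BRANCH-OUT out Tunnel0
 distribute-list prefix FROM-HQ in Tunnel0
!
! Checks while MPLS is up: the tunnel neighbor is formed, yet HQ prefixes
! still point at the MPLS next hop.
! show ip eigrp neighbors
! show ip route 10.10.0.0 255.255.0.0 longer-prefixes
```

The HQ router needs the mirror image: a host route to 10.20.0.1 through the NSA-2400's LAN address and matching prefix lists, so that neither side accepts more over the backup path than it expects.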
