Regarding Failover between Leased line and VPN

Dear Experts!!!!!!!!

I am going to design one network. I have queries about this design.

Let me explain the scenario first (it is attached below).

I have two sites, Site-A and Site-B, respectively.

In Site-A I have one Cisco 1841 router, one Cisco ASA 5510 firewall and one Cisco 3560 layer 3 switch.

In Site-B I have one Cisco 1841 router, one Cisco ASA 5505 firewall and one Cisco 3560 layer 3 switch.

From ISP side

I have a point-to-point leased line between sites A and B. And both sites have internet connectivity from another ISP.

I planned to terminate the leased line on the Cisco 1841 router in both branches for branch-to-branch connectivity.

I will configure a site-to-site VPN between the two sites, A and B.

Here my query is: I want to make the VPN the failover connectivity if the leased line fails. In both cases, I need internet for the inside users on both sides.

Please give me suggestions to configure this requirement.

Summary requirement:

Leased line is primary and VPN is back-up if the leased line fails. In both cases internet is needed for inside users.

I am attaching design diagram below.

Regards,

MJR

Accepted Solutions

prasad.gsmc
Level 1

Hi,

I am giving you some suggestions based on the following assumption:

At both sites, the traffic pertaining to the remote site will come to the router.

The best way to achieve your requirement is to do GRE over IPSec.

Step 1: Configure a GRE tunnel between the two sites over the Internet

Step 2: Protect the GRE end points using IPsec

Step 3: Ensure proper route failover between sites either by running routing protocols between GRE as well as the leased line

The GRE tunnel destination should be routed through the firewall, i.e. on each router add a route to reach the IPSec/GRE end point.

Refer to the design guide:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml

Regards,

Prasad
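
The three steps above, written out as an IOS configuration for the Site-A 1841. This is an added example, not taken from the post or from the linked Cisco guide. Interface names, the OSPF process, every address (documentation and private ranges), the firewall next hop and the key placeholder are assumptions, as is the Site-B tunnel endpoint being reachable at 198.51.100.2 through both firewalls with IKE/ESP permitted.

```cisco
! Added example for the Site-A router; mirror it on Site-B with the addresses swapped.
! All names, addresses and the key below are placeholders (assumptions).
!
! Step 2: IKE policy and IPsec profile that will protect the GRE tunnel
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14                                  ! use the strongest DH group the image supports
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
!
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-TS
!
! Primary path: point-to-point leased line, low OSPF cost
interface Serial0/0/0
 description Primary - leased line to Site-B
 ip address 10.255.0.1 255.255.255.252
 ip ospf cost 10
!
! Step 1: GRE tunnel over the Internet, high OSPF cost so it is only the backup
interface Tunnel0
 description Backup - GRE over IPsec via firewall and Internet
 ip address 10.255.1.1 255.255.255.252
 ip ospf cost 1000
 tunnel source FastEthernet0/0
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile GRE-PROTECT
!
! Step 3: one routing protocol on both links; the lower-cost leased line wins
! while it is up, and the tunnel route is installed when that adjacency drops
router ospf 1
 network 10.255.0.0 0.0.0.3 area 0
 network 10.255.1.0 0.0.0.3 area 0
 network 192.168.10.0 0.0.0.255 area 0
!
! Pin the tunnel endpoint to the firewall so it is never reached through the
! leased line or through the tunnel itself (recursive routing)
ip route 198.51.100.2 255.255.255.255 192.168.10.254
```

After a leased-line failure, `show ip route` should list the remote LAN via Tunnel0, and `show crypto ipsec sa` should show packet counters increasing, which confirms the backup traffic is actually encrypted.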

3 Replies

Dear Prasad,

I am very new to this GRE tunnel.

Will you brief me on how the GRE tunnel will work?

As per my scenario I need to use the leased line as primary and the VPN as the back-up connection for site-to-site connectivity.

Then how do I achieve this?

Is there any chance to configure load balancing?

Regards,

Janardhan

Hi Prasad,

I have gone through the link you gave.

In that, one default route was configured towards the firewall.

In my scenario I need to configure two default routes, one pointing towards the leased line and another pointing towards the firewall. Then how does a packet take priority towards the leased line over the firewall side?

Regards,

Janardhan