Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
864
Views
0
Helpful
3
Replies

Routing with a Serial Interface and VPN connection

Go to solution
jgadbois
Level 1
Level 1

‎05-08-2011 06:36 AM - edited ‎03-06-2019 04:57 PM

I have a a router at location A that has a T1 connection to location B.  I also have a site-to-site VPN connection to location B from location A.  I want the VPN connection to be the preferred route with the T1 as backup.  Do I need to do some kind of DDR routing technique to force the traffic accross the VPN connection until it's not available?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Roman Rodichev
Level 7
Level 7

‎05-08-2011 08:13 AM

What you need is RRI (reverse route injection) enabled on the site-to-site tunnel. Cisco VPN 3000, ASA VPN and IOS VPN crypto support this feature:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_rrie.html

Once the tunnel comes up each side will inject a static route into the local routing table for the remote destinations. Your device knows remote destinations from the crypto access list. Next, you redistribute static routes locally into some dynamic routing protocol. ASA supports EIGRP, OSPF, RIP. IOS supports those three and a few other ones. Use some low metrics for the redistribution, and use high metric on the T1. This way site-to-site VPN will be preferred. If the tunnel fails, the static RRI route disappears and your T1 will become preferred in the routing tables.

Regards,

Roman

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Roman Rodichev
Level 7
Level 7

‎05-08-2011 08:13 AM

What you need is RRI (reverse route injection) enabled on the site-to-site tunnel. Cisco VPN 3000, ASA VPN and IOS VPN crypto support this feature:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_rrie.html

Once the tunnel comes up each side will inject a static route into the local routing table for the remote destinations. Your device knows remote destinations from the crypto access list. Next, you redistribute static routes locally into some dynamic routing protocol. ASA supports EIGRP, OSPF, RIP. IOS supports those three and a few other ones. Use some low metrics for the redistribution, and use high metric on the T1. This way site-to-site VPN will be preferred. If the tunnel fails, the static RRI route disappears and your T1 will become preferred in the routing tables.

Regards,

Roman

0 Helpful

Go to solution
jgadbois
Level 1
Level 1
In response to Roman Rodichev

‎05-08-2011 08:30 AM

Thanks for the reply.  I tried RRI and the redistribution but somehow couldn't get the VPN connection to start.  That's why I kind of gave up on it.  I must be missing something.  But now that I have a direction, I'll keep trying.  Thanks again!

0 Helpful

Go to solution
Roman Rodichev
Level 7
Level 7
In response to jgadbois

‎05-08-2011 08:34 AM

feel free to post here your VPN configuration for both sides

0 Helpful
Customers Also Viewed These Support Documents