cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
839
Views
0
Helpful
3
Replies

Routing with a Serial Interface and VPN connection

jgadbois
Level 1
Level 1

I have a a router at location A that has a T1 connection to location B.  I also have a site-to-site VPN connection to location B from location A.  I want the VPN connection to be the preferred route with the T1 as backup.  Do I need to do some kind of DDR routing technique to force the traffic accross the VPN connection until it's not available?

1 Accepted Solution

Accepted Solutions

Roman Rodichev
Level 7
Level 7

What you need is RRI (reverse route injection) enabled on the site-to-site tunnel. Cisco VPN 3000, ASA VPN and IOS VPN crypto support this feature:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_rrie.html

Once the tunnel comes up each side will inject a static route into the local routing table for the remote destinations. Your device knows remote destinations from the crypto access list. Next, you redistribute static routes locally into some dynamic routing protocol. ASA supports EIGRP, OSPF, RIP. IOS supports those three and a few other ones. Use some low metrics for the redistribution, and use high metric on the T1. This way site-to-site VPN will be preferred. If the tunnel fails, the static RRI route disappears and your T1 will become preferred in the routing tables.

Regards,

Roman

View solution in original post

3 Replies 3

Roman Rodichev
Level 7
Level 7

What you need is RRI (reverse route injection) enabled on the site-to-site tunnel. Cisco VPN 3000, ASA VPN and IOS VPN crypto support this feature:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_rrie.html

Once the tunnel comes up each side will inject a static route into the local routing table for the remote destinations. Your device knows remote destinations from the crypto access list. Next, you redistribute static routes locally into some dynamic routing protocol. ASA supports EIGRP, OSPF, RIP. IOS supports those three and a few other ones. Use some low metrics for the redistribution, and use high metric on the T1. This way site-to-site VPN will be preferred. If the tunnel fails, the static RRI route disappears and your T1 will become preferred in the routing tables.

Regards,

Roman

Thanks for the reply.  I tried RRI and the redistribution but somehow couldn't get the VPN connection to start.  That's why I kind of gave up on it.  I must be missing something.  But now that I have a direction, I'll keep trying.  Thanks again!

feel free to post here your VPN configuration for both sides