We've got two 1800 routers connected via IPSEC VPN using a tunnel interface. The router at the branch office is using a T1 on Serial0/0/0 and we'd like to connect DSL service to Fa0/1 as a backup.
Now, the problem I see is that we use static routing. On the branch router it has a default route pointing to the original Tunnel interface that uses the T1 line. Then it has several other static routes pointing to the serial interface itself. Tried an experiment creating floating static routes that would bounce to a second Tunnel interface or the Fa0/1 interface if the first failed; however, I don't think that works correctly. Tried shutting down the serial interface (wisely scheduling a reload for a couple minutes later), but the second tunnel never came up.
I'm sure there is a better way of doing this and would appreciate any pointers.
I guess I'm still confused. That solution seems a little more complex than what I'm trying to do.
Here is what I understand:
1. Develop an SLA to monitor a connection on the primary interface
2. Configure static default routes: The first points to the default interface and is tracking the sla. The second goes to the backup interface and has a metric so that it only becomes active should the default fail or should the tracking be interrupted.
Where I get confused is in regards to the VPN Tunnels. Here's the relevant current config of the main site-to-site router:
And the current default route on the branch router is:
ip route 0.0.0.0 0.0.0.0 TunnelA
So I know that what I will eventually need on the branch router is something like this:
ip route 0.0.0.0 0.0.0.0 TunnelA Track 1
ip route 0.0.0.0 0.0.0.0 TunnelB 10
My question is, in regards to using Tunnels, is there anything special I need to do aside from having two Tunnel interfaces (one utilizing the T1 interface and one utilizing the DSL FA0/1 interface) on each end (one the primary, one the secondary) and can I share the same crypto key and crypto map for the two tunnels, or do I need to create separate ones?
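The two steps listed in the post above (an SLA probe on the primary path, then a tracked default route with a floating backup), sketched as a branch-router configuration. This is an added example, not configuration from the original poster: Tunnel0 and Tunnel1 stand in for TunnelA and TunnelB, 192.0.2.1 is a constructed address for a probe target reachable over the T1, and the tunnel and crypto configuration is assumed to exist already.

```cisco
! Added example with constructed values; adapt names and addresses.
! Assumption: 192.0.2.1 is the head-end address reached over the T1.
!
! Pin the probe target to the T1 so the probe tests that path only
! and cannot succeed over the DSL link after a failover.
ip route 192.0.2.1 255.255.255.255 Serial0/0/0
!
! Step 1: SLA probe sourced from the primary (T1) interface.
! Older IOS releases spell this "ip sla monitor 1" with
! "type echo protocol ipIcmpEcho ..." instead.
ip sla 1
 icmp-echo 192.0.2.1 source-interface Serial0/0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object follows probe reachability. The delays damp flapping:
! the route is withdrawn after 15 s of failure and restored only
! after 30 s of success. Older releases use "track 1 rtr 1 reachability".
track 1 ip sla 1 reachability
 delay down 15 up 30
!
! Step 2: primary default via the T1 tunnel, installed only while
! track 1 is up.
ip route 0.0.0.0 0.0.0.0 Tunnel0 track 1
!
! Floating backup default via the DSL tunnel. Administrative distance 10
! keeps it out of the routing table until the tracked route is removed.
ip route 0.0.0.0 0.0.0.0 Tunnel1 10
!
! Not shown: Tunnel1's tunnel destination needs its own route out
! FastEthernet0/1, otherwise the backup tunnel tries to reach its
! peer through the failed path. The DSL next hop is not on the page.
```

Pointing the floating default at the backup tunnel rather than at FastEthernet0/1 keeps failover traffic inside the tunnel instead of sending it straight out the DSL interface. `show track 1` and `show ip route 0.0.0.0` confirm which default is installed during a failover test.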