Dial Backup VPN Tunnel?

jerry.roy
Level 1

Hi all,

I would like to do dial backup. My problem is I have a Primary VPN connection using ADSL and want to create a secondary VPN connection with a US Robotics modem hanging off my AUX port as the backup connection. What I need is when the tunnel goes down on the Primary VPN, I need it to initiate dial backup on the AUX port, create a Secondary VPN tunnel and terminate to the same VPN head end that the primary tunnel was terminated to.

Can this be done?

Thanks

5 Replies

ciscomoderator
Community Manager

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

chlovell
Level 1

You may be able to do this. What you will want to do is make a loopback interface on this router and use the crypto map (mapname) local address command and specify the loopback, and be sure that you give this interface a public IP. Then make the other peer point to this loopback for its peer. Next, have two static routes for the peer that you are connecting to: one with an administrative distance of, say, 1 and the other of 2. The one with the administrative distance of two should point out the other interface for the DSL connection. By configuring it this way you avoid having to have the tunnel rebuilt. You are simply just rerouting traffic.
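Added example, not part of the thread or any poster's configuration: a sketch of the remote-router side of the loopback approach described in the reply above. All addresses (RFC 5737 documentation ranges), the names `VPNMAP` and `TS`, the interface names `Dialer0` (ADSL) and `Dialer1` (modem on AUX), the crypto parameters and the choice of ADSL as the distance-1 path are assumptions; the dialer interfaces themselves are assumed to be configured already.

```cisco
! Constructed values (assumptions, not from the thread):
!   203.0.113.1    public address on the loopback (local IPsec identity)
!   198.51.100.1   VPN head end
!   10.1.1.0/24    local LAN      10.2.2.0/24  head-end LAN
!
interface Loopback0
 ip address 203.0.113.1 255.255.255.255
!
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 14
! <PRE-SHARED-KEY> is a placeholder
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! IKE and IPsec are sourced from the loopback, so the same security
! associations stay valid whichever interface carries the packets.
crypto map VPNMAP local-address Loopback0
crypto map VPNMAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address 101
!
! Same crypto map on both possible egress interfaces.
interface Dialer0
 crypto map VPNMAP
interface Dialer1
 crypto map VPNMAP
!
! Two static routes for the peer: distance 1 via ADSL, distance 2 via dial.
ip route 198.51.100.1 255.255.255.255 Dialer0 1
ip route 198.51.100.1 255.255.255.255 Dialer1 2
! Protected subnet follows the same pair of paths (added for completeness).
ip route 10.2.2.0 255.255.255.0 Dialer0 1
ip route 10.2.2.0 255.255.255.0 Dialer1 2
!
! Head end (not shown) would use: set peer 203.0.113.1
```

The distance-2 routes are installed only when the distance-1 routes leave the routing table, so the primary route has to be withdrawn when the ADSL path fails. The head end also needs a return path to the loopback address over whichever link is active.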

jfrahim
Level 5

It is not an easy task, but the good news is, it is doable.

Unfortunately, there is no sample configuration on this, because it involves a lot of other different technologies.

One way to achieve that is to enable GRE/IPSEC tunnels on the primary connection and run some routing protocol. Also enable floating static routes for the remote subnets with some higher admin distance. Routing protocol would keep track of the remote subnets. Once the primary connection fails, then your routing would break too. Your static route would get installed in the routing table with the next hop being your other end of the modem connection.

I have already done the EIGRP inside of GRE inside of IPSec and dial backup and it works. The problem is I have DHCP and PPPoE IP address assignments from many ISPs, so how can I use the GRE without a static IP address?

ANY advice would help.

Thanks

I guess this is doable by configuring your GRE tunnel being the IP address of your private interface and tunnel dest. being the private address of the remote side, similar to the one here:

http://www.cisco.com/warp/public/707/ipsecgrenat.html

Then encrypt the GRE packets sourced from your private destined to remote private