02-11-2002 05:01 PM - edited 02-21-2020 11:36 AM
Hi all,
I would like to do dial backup. My problem is I have a Primary VPN connection using ADSL and want to create a secondary VPN connection with a US Robotics modem hanging off my AUX port as the backup connection. What I need is, when the tunnel goes down on the Primary VPN, for it to initiate dial backup on the AUX port, create a Secondary VPN tunnel and terminate to the same VPN head end that the primary tunnel was terminated to.
Can this be done?
Thanks
02-19-2002 06:43 AM
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Thank you for posting.
02-19-2002 11:13 AM
You may be able to do this. What you will want to do is make a loopback interface on this router and use the crypto map (mapname) local address command and specify the loopback, and be sure that you give this interface a public IP. Then make the other peer point to this loopback for its peer. Next, have two static routes for the peer that you are connecting to, one with an administrative distance of, say, 1 and the other of 2. The one with the administrative distance of two should point out the other interface for the DSL connection. By configuring it this way you avoid having to have the tunnel rebuilt. You are simply just rerouting traffic.
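The approach in the reply above, written out as an IOS configuration fragment. This is an added example, not configuration from any poster in the thread. It assumes the ADSL path is preferred and the AUX modem is the backup, as in the original question. All addresses (RFC 5737 documentation ranges), the names VPN and TS, ACL 110, the interface names Dialer1 and Async1, and the crypto parameters are assumptions, and the dial-on-demand settings for the modem are assumed to exist already.

```cisco
! Added illustration. Assumed values, not taken from the thread:
!   192.0.2.1     loopback address this router uses as its IPsec identity
!   198.51.100.1  VPN head end
!   Dialer1       ADSL (PPPoE) path, Async1 = modem on the AUX port
!   10.1.1.0/24   local LAN, 10.2.2.0/24 = LAN behind the head end
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
crypto isakmp key <pre-shared-key> address 198.51.100.1
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
! Source IKE and IPsec from the loopback, so the peer address the head
! end sees stays the same whichever interface the packets leave on.
crypto map VPN local-address Loopback0
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address 110
!
! One crypto map, applied to both possible egress interfaces.
interface Dialer1
 crypto map VPN
interface Async1
 crypto map VPN
!
! Two static routes to the peer: distance 1 is used while Dialer1 is up,
! the distance 2 route is installed only when the first one is withdrawn.
ip route 198.51.100.1 255.255.255.255 Dialer1 1
ip route 198.51.100.1 255.255.255.255 Async1 2
!
! Traffic to protect: local LAN to the LAN behind the head end.
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
```

The head end would use 192.0.2.1 as its peer address, so that address has to be reachable over both the ADSL and the dial path. The distance 2 route only takes over when the preferred route leaves the routing table, so check that the primary interface actually goes down when the ADSL link fails.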
02-19-2002 05:22 PM
It is not an easy task, but the good news is, it is doable.
Unfortunately, there is no sample configuration on this, because it involves a lot of other different technologies.
One way to achieve that is to enable GRE/IPSEC tunnels on the primary connection and run some routing protocol. Also enable floating static routes for the remote subnets with some higher admin distance. The routing protocol would keep track of the remote subnets. Once the primary connection fails, then your routing would break too. Your static route would get installed in the routing table with the next hop being your other end of the modem connection.
02-19-2002 08:14 PM
I have already done the EIGRP inside of GRE inside of IPSec and dial backup and it works. The problem is I have DHCP and PPPoE IP address assignments from many ISPs, so how can I use the GRE without a static IP address?
ANY advice would help.
Thanks
02-20-2002 12:06 PM
I guess this is doable by configuring your GRE tunnel being the IP address of your private interface and tunnel dest. being the private address of the remote side, similar to the one here:
http://www.cisco.com/warp/public/707/ipsecgrenat.html
Then encrypt the GRE packets sourced from your private destined to remote private.