09-05-2005 02:45 AM
In our set-up we have a central site with a large number of remote sites connected.
We have moved a number of remote sites from ISDN connections to ADSL connections. However, we would like to keep the ISDN and use it for backup.
The problem I have is - how do I implement ISDN backup with our current set-up? From the documentation, I can see how to do this for more "straightforward" set-ups but not for the set-up we have! Let me explain:
At the central site, we have a Cisco 7206 router. The ISDN connected sites connect directly to this router (which is configured with a large number of dialer map statements for each site)
The 7206 connects to a PIX515E firewall. The ADSL connected sites connect over the public internet using IPSEC with the tunnels terminating on the PIX.
The 7206 router contains static routes for the ADSL connected sites, pointing to the firewall.
At the remote sites, we have a Cisco 837 router for the ADSL connection.
This is connected (via ethernet) to the router we want to use for ISDN backup - a Cisco 800. The 837 and 800 are configured with HSRP.
However, at the moment, if the 837 or the ADSL link was to go down, there would be no means to connect to the central site. How can we configure this to use the 2nd router for ISDN backup, given our set-up?
Any suggestions would be greatly appreciated!
(Incidentally, I have only recently joined this company and have taken this over, without any information to go on as to why things are set up as they are!)
09-05-2005 10:00 PM
Hello,
if your primary 837 and the 800 ISDN router used for the backup are connected through HSRP, you would need to make the 837 the active router, and the ISDN router the standby. On the ISDN router, configure an IPSec connection to your main site.
Depending on the IOS version you are using, you might want to create a tunnel between your main router and the 837 for HSRP tracking purposes, that is, the active/standby failover would be triggered by the tunnel being down or up. In order for the tunnel interface to go down, you need to configure keepalives, a feature that was added in, I think, IOS version 12.2(8)T. Check the document below for details:
Generic Routing Encapsulation (GRE) Tunnel Keepalive
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cec.html
On your ISDN router, you would need to configure IPSec for your DDR:
Setting Up IPsec on a DDR Link
http://www.cisco.com/en/US/tech/tk801/tk133/technologies_configuration_example09186a0080093c09.shtml
Let me know if you need specific help with the configurations...
Regards,
GP
09-06-2005 02:57 AM
Hi,
Thanks, that's a great help and certainly gives me some more to think about. Just a few questions to clarify things for me though:
1) So I set up a GRE tunnel between the 837 (remote site) and the 7206 (central office)? Is this just a case of defining the GRE access-list and the tunnel interface on the 837? Do I need any additional config on the 7206?
2) Am I right in thinking that I can simply keep my current configuration for the IPSEC tunnel between the 837 and the PIX?
3) You mentioned creating IPSEC for the ISDN connection? Is this necessary as this would be a direct call between the sites? Is it simply for added security? (i.e. for initial set-up, could I get away without this step just to make things a bit less complicated for me!) At the moment, we still have a number of ISDN connected sites and none of these use IPSEC.
4) What I still don't fully understand is how the ISDN backup is going to kick in should the ADSL link go down? I understand the HSRP side of things and that the ISDN router would take over as Active.
However, how does my central site know that it should then be sending traffic over the ISDN link and not just forwarding the packets to the PIX as it had been doing?
Presumably, I need to make some routing changes here too? Or is there something else I've missed?
Thanks for your help so far - any further advice you can give would also be appreciated!
09-06-2005 07:40 AM
Hello again,
I think you can pretty much ignore my last message. I've done a bit more digging and I think I have a better idea of what you mean now!
Let's see if I've got this about right. To recap:
I need to set up a GRE tunnel between the remote site and 7206 router at head office, which in turn would be using IPSEC tunnel between remote router and PIX.
So, steps required:
1) set up IPSec tunnel to PIX (this is the way it is already currently configured - am I right in thinking no further configuration would be required as far as the PIX is concerned, for the new set-up?)
2) set up GRE tunnel between remote ADSL router and 7206 - requires tunnel interface on both routers with start point and end point configured. Use GRE keepalive to enable the line protocol to be brought down if the far end cannot be reached.
3) Add static routes on ADSL router to reach head office network via tunnel interface
4) Add static route on 7206 router to reach remote network via tunnel interface
5) Configure ISDN map statement on 7206 mapping remote network to ISDN number
6) Configure "floating" static routes on 7206 to use ISDN to reach remote network
7) Configure HSRP on ADSL and ISDN routers with tracking of tunnel interface. If tunnel interface goes down, then ISDN router takes over as active.
8) Configure static routes on ISDN router to point to head office network using BRI0 interface.
So, under normal operation, traffic between head office and remote office will be routed across the GRE tunnel using the ADSL link.
If the ADSL link was to go down then the GRE tunnel would also go down. So, the 7206 would then use the floating static routes to reach the remote network via the ISDN connection.
The ISDN router would take over as active at the remote site since the tunnel interface would have gone down, forcing the HSRP to failover.
Does that all sound about right? Is there anything I've missed?
I'll start trying to put some configurations together when I get the chance - but, if it's OK, I'll probably run these past you too, just to make sure they seem correct!
Thanks,
Neil
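The eight steps in the post above, written out as IOS configuration for the three routers (an added example, not configuration posted in the thread or taken from the linked Cisco documents). Every address, interface name, hostname and ISDN number is constructed, and it assumes the existing 837-to-PIX IPsec tunnel already carries traffic between the two Loopback0 addresses used as GRE endpoints. ISDN switch type and PPP authentication are assumed to stay as on the existing ISDN sites.

```cisco
! ---- 7206, head office (all values constructed for illustration) ----
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
interface Tunnel10
 ip address 10.254.10.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.10.1
 ! keepalive brings line protocol down after 3 missed replies (steps 2, 6)
 keepalive 10 3
interface Dialer1
 ip address 172.16.1.1 255.255.255.0
 ! step 5: next hop on the ISDN subnet mapped to the site's number
 dialer map ip 172.16.1.10 name site10-isdn broadcast 5550110
! GRE endpoint pinned to the PIX (assumed 10.0.0.254), never via the tunnel
ip route 10.255.10.1 255.255.255.255 10.0.0.254
! step 4: primary route, withdrawn when Tunnel10 goes down
ip route 192.168.10.0 255.255.255.0 Tunnel10
! step 6: floating static, distance 200, used only when the primary is gone
ip route 192.168.10.0 255.255.255.0 172.16.1.10 200
!
! ---- 837, remote ADSL router ----
interface Loopback0
 ip address 10.255.10.1 255.255.255.255
interface Tunnel0
 ip address 10.254.10.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.0.1
 keepalive 10 3
interface Ethernet0
 ip address 192.168.10.2 255.255.255.0
 standby 1 ip 192.168.10.1
 standby 1 priority 110
 standby 1 preempt
 ! step 7: 110 - 20 = 90, below the 800's priority of 100
 standby 1 track Tunnel0 20
ip route 10.0.0.0 255.255.0.0 Tunnel0
!
! ---- 800, remote ISDN router ----
interface Ethernet0
 ip address 192.168.10.3 255.255.255.0
 standby 1 ip 192.168.10.1
 standby 1 priority 100
 standby 1 preempt
interface BRI0
 ip address 172.16.1.10 255.255.255.0
 dialer map ip 172.16.1.1 name hq-7206 broadcast 5550100
 dialer-group 1
dialer-list 1 protocol ip permit
ip route 10.0.0.0 255.255.0.0 172.16.1.1
```

The backup path bypasses the PIX tunnel, so traffic over ISDN is unencrypted unless IPsec is also applied to the DDR link, as in the second document GP links.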