Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
12
Helpful
3
Replies

ISDN backup for VPN between VPN3000 and Router

berndtonn
Level 1
Level 1

‎08-16-2002 03:40 AM - edited ‎02-21-2020 12:00 PM

Hi,

in our central site we have a VPN3015 concentrator and a 3640 with ISDN PRI interfaces. In our remote locations we are using 1720s with IPSec for the internet connection (Ethernet) and additional ISDN ports.

How can we establish an automatic ISDN backup for the VPN connection ? Is it possible somehow using OSPF ?

Thank you very much.

Labels:
0 Helpful
3 Replies 3

paqiu
Level 1
Level 1

‎08-16-2002 05:34 PM

Hi,

I think you can enable the OSPF in the VPN 3015. The problem is that the OSPF will not be able to cross the VPN tunnel from VPN 3015 to build up the neighbor with remote end.

So you need enable reverse-routing ejection in the VPN 3015, advertise the routes through OSPF advertise the reverse routes from remote VPN sites to the 3640.

In the 3640, you can enable dialer-watch to watch remote network, when the remote nework disapeared from the routing table, (VPN3015 VPN tunnel down), the ISDN will come up, then it should be working fine.

Check following two url for more details with RRI:

http://www.cisco.com/warp/customer/471/rri.html

Best Regards,

berndtonn
Level 1
Level 1
In response to paqiu

‎08-28-2002 07:19 AM

Hello,

using RRI might switch the routes in our central site, but how can I force routing using the ISDN on the remote routers ? Is there any way to change routing based on the existence of an IPSec tunnel (if the physical interface is up in both cases) in IOS ?

As far as I know GRE tunnels are not supported in VPN3000, so there is no option to use a tunnel interface on the routers ?!

You mentionend to give two URLs, but I can see only one. Perhaps the missing one will answer my questions ?!

Best regards,

0 Helpful

bbocaner
Level 1
Level 1
In response to berndtonn

‎09-09-2002 04:41 PM

If you wanted to use GRE and IPSec tunnels, you could build the IPSec tunnel to the VPN 3000 and then the GRE tunnel to a different router behind the 3000.

If the whole point is to let the remote site router know when the VPN is down so it can dial it's ISDN, how about using BGP between some router at your central location and your remote site router. Announce some arbitrary route and use dialer watch on that route.

Customers Also Viewed These Support Documents