ISDN dial backup for IPSec connection between VPN3000 and Router

berndtonn · ‎09-04-2002

Hi,

in our central site we have a VPN3015 concentrator and a 3640 with ISDN PRI interfaces. In our remote locations we are using 1720s with IPSec for the internet connection (Ethernet) and additional ISDN ports.

How can we establish an automatic ISDN backup for the VPN connection ?

It should be possible to use RRI on the VPN3000 to switch the routes in our

central site, but how can we force routing using the ISDN on the remote routers ? Is there any way to influence routing based on the existence of an

IPSec tunnel (if the physical interface is up in both cases) in IOS ?

As far as I know GRE tunnels are not supported in VPN3000,

so there is no option to use a tunnel interface on the routers ?!

Best regards,

cjacinto · ‎09-07-2002

You could try a few things.

One is to use a loopback on the 1720 router as the ipsec peer on the VPN 3000. Then turn on isakmp keepalive on the router see:

http://www.cisco.com/warp/public/cc/so/neso/vpn/vpne/vpne_an.htm

On the router you would have to default routes to the internet (or towards the VPN 3000) with the one via the isdn having a higher metric (ie using floating static) or you could have the isdn as a backup interface to the ethernet so that if it physically goes down the isdn dials (ie using backup interfaces) - you need to evaluate what backup scenarios you need.