Hi all,
My central site uses a PIX 515 to reach several remote LAN using PIX 501 or 515 with IPSEC tunnels.
I m wondering how I can provide a backup with ISDN since pix dont use routing entries (ACL selects traffic to encrypt) to reach the remote net !!!
So if each site uses a local router, how this router can see that tunnel is down on the PIX (due to an isp problem for example) and in this case deciding to contact the remote net by ISDN ? And how the central site will see it has to answer on the ISDN link and not on the VPN tunnel ?????
so the question is : If a tunnel is down, does the pix send an ICMP "destination unreachable" on the local lan if a host try to use this tunnel ?
I know the Concatrator can use RRI to populate a route if the tunnel is up, but i dont know if the pix is abble to use the same function !!!
Can I use RRI function if peers of a concentrator are some PIX ?
I dont know how two sites will backup on ISDN at the same time !!!
thanks for your help
Philippe