Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
689
Views
0
Helpful
5
Replies

PIX Site to Site VPN with ISDN Backup Dial?

patrick.bolt
Level 1
Level 1

‎12-16-2005 01:18 AM - edited ‎02-21-2020 02:09 PM

Hello

I have to implement a VPN connection (PIX to PIX with IPsec) from a branch office to the headquarter. There will be some type of Internet connection (DSL or leased line with public IP's) at branch office. The VPN config is straight forward but the business requirements are that there must exist a ISDN backup directly into the headquarter.

Has anyone any idea how to design that network? My primary problem is the routing of traffic between headquarter and branch. OSPF cannot be used with ISDN and static routes are not changed in case of VPN failure to point to isdn. ISDN backup dial interfaces are although not possible due to different devices.

Thanks for some idea

Patrik

Labels:
0 Helpful
5 Replies 5

spremkumar
Level 9
Level 9

‎12-16-2005 01:32 AM

Hi

I feel you may be using a router to dial out for the backup purpose.

In this case is it possible to find out the chances in terminating the LL or DSL line in the router itself.

So that the router can take care of routing part and ur pix dont need to worry about that.

It will take care of the VPN connectivity irrespective of reachability thru LL or ISDN.

To be precise u can configure the default route in ur pix pointing to the routers ehternet interface.

On ur router configure the reachability to the locations using static via the primary link and add a floating static route i.e., with some admin distance via the isdn backup link.

regds

0 Helpful

patrick.bolt
Level 1
Level 1
In response to spremkumar

‎12-16-2005 02:44 AM

Thanks

This solution doesnt meet the security requirements. In this case the router outside the firewall connects directly into the company net over isdn. The ISDN Router must stay behind the PIX in a high security level network segment. A solution could be a router outside the PIX with ISDN dialing into an ISP. The PIX could use can use ISDN or DSL tranparently. But what to do if the Headquarter PIX or Internet connection is down. In this case VPN is although down.

Can you see the problem?

Thanks and Greets Patrik

0 Helpful

spremkumar
Level 9
Level 9
In response to patrick.bolt

‎12-16-2005 04:25 AM

hi

i was quoting keeping the kinda scenario/topology as attached with this post.

i would also suggst u to put it in a diag stating how ur pix is connecting now directly via DSL on both the ends and where ur going to place the router for isdn dial back..

regs

Preview file
856 KB
0 Helpful

battanc
Level 1
Level 1
In response to spremkumar

‎01-04-2006 05:47 AM

One more question from me: while main line down (VPN via ISDN) the ISDN line is allways UP, unregarding of no-interesting traffic to send trough the VPN (for example: branch office closed for week-end).

Regards,

Claudio

0 Helpful

spremkumar
Level 9
Level 9
In response to battanc

‎01-04-2006 06:53 AM

Hi

Interesting traffic can be mentioned out using dialer-list ,i think by default you have all the protocol/traffic to trigger out the isdn and keep them on.

Would suggest to check out the same using ACL matching only the interesting traffic(matching ur local lan and the remote local lan).

Also will be needing more info like whether u hve deployed any routing protocol out there in ur router to take care of the routing part..

regds

0 Helpful
Customers Also Viewed These Support Documents