Urgent help: ISDN backup for VPN

pax_2111
Level 1

Hi,

I have a setup like this:

PIX ---- watched subnet ---- router 1 ---- ISP Cloud ---- router 2

Router 1 and 2 connect to the ISP with frame-relay. They are on different subnets.

Between PIX and router2 I have VPN. I want to create a backup solution with ISDN for the VPN.

Both routers have default routes pointing to the ISP side of the Frame-relay connection.

Also router 1 is the HQ router where multiple sites terminate traffic.

I have created a GRE tunnel between router 1 and 2, and OSPF is running on both. Also I configured dialer-watch on router 2 to detect the disappearance of the watched subnet and dial to router 1 (something which it does when I shut down the serial interface on router 1 or apply an access list).

The problem I'm facing is the following:

The connection might go down without affecting the status of the frame-relay interfaces (something might happen in the ISP cloud).

How am I going to route traffic from the main connection to the ISDN connection, especially on router 1, where ip route 0.0.0.0 0.0.0.0 dialer0 200 will not be helpful at all?

Any clues? I'll appreciate it.

If someone is interested in helping, I can email the router configs.

This issue has been torturing me for 2 weeks, yet no solution.

Thanx for any help.

3 Replies

bdowney
Level 1

I would think that your remote site (router2) would advertise its local routes over the ISDN when dialed up. And if the connection is broken (not receiving routes over the VPN) then the only route for Router1 to the remote site would be over the ISDN. I don't see (or understand) your problem.

yusuff
Cisco Employee

Here's a sample config I wrote on what you are trying to configure.

Configuring IPSec Redundancy over ISDN Using Dialer Watch

http://www.cisco.com/warp/public/707/ipsec_dialerwatch.html

HTH

R/Yusuf

thanx guys for your help.

I hadn't explained the problem well.

Dialer watch is working fine. But the problem is that behind router 2 and the PIX I have NAT. So I can't advertise those networks to router 1, as the NAT-ed addresses are transparent to it because of IPSec.

If I shut down the main interface on router 2, I'm able to ping addresses behind the PIX, although the reverse is not working, as it's being directed to the serial interface of router 1.

If I shut down the main interface on router 1, nothing is happening as the packets are being directed to the serial interface.

Was I clear?

I appreciate any help

thanx