VPN Backup

peter.saldanha
Level 1

Hi

I have a PIX to PIX VPN configured and working properly. Now I am going to have a direct leased line between these two sites. Since this leased line connection is faster, I want this to be the primary link, and if it fails the traffic should switch to the PIX to PIX VPN. How is this possible?

Peter

3 Replies

aacole
Level 5

Peter,

I've done this several times, it's quite straightforward.

The way I would do this is as follows. Use a router on the ends of the new LL, set this as your default gateway. Run OSPF or EIGRP across this link, so if the link fails the remote site drops out of the local router's routing table. You could use a static route here, all that's needed is to ensure that the router interface goes down if the LL fails. Running a routing protocol ensures this due to loss of hello packets.

At both ends use a floating static route with the remote site's subnet, point this at the PIX.

So when the LL fails, the remote network drops out of the routing table, then the new route via the PIX is added, and traffic flows across the VPN.

If you're also using the PIXes for Internet connectivity, set a default route on the routers pointing at the inside interface of the PIX.

Let me know how you get on, or if you have any more questions.

Andy

Andy

Do you have a sample configuration for this? I am using EIGRP in the routers.

Peter

Peter,

I've done a Visio that shows this, with some configuration. One point I've not shown is a default route for Internet traffic. This only demonstrates how to use a floating static to provide backup across the VPN. Use a similar configuration on both R1 and R2.

Hope this helps, just ask if not.

Andy
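
The floating static design described in this thread, as an added IOS configuration sketch for R1 (it is not the Visio or configuration posted by the thread's participants). The addresses, interface names, EIGRP AS number and administrative distance 250 are all constructed assumptions; R2 mirrors it with the subnets swapped.

```cisco
! R1, site A router (constructed example values throughout)
!   Site A LAN        10.1.1.0/24   (R1 = .1, PIX inside = .254)
!   Site B LAN        10.2.2.0/24
!   Leased line (LL)  172.16.0.0/30 (R1 = .1, R2 = .2)
!
interface Serial0/0
 description Leased line to R2 (primary path)
 ip address 172.16.0.1 255.255.255.252
!
interface FastEthernet0/0
 description Site A LAN, default gateway for hosts
 ip address 10.1.1.1 255.255.255.0
!
router eigrp 100
 ! Advertise the local LAN and form the neighbor over the LL only
 network 10.1.1.0 0.0.0.255
 network 172.16.0.0 0.0.0.3
 passive-interface FastEthernet0/0
 no auto-summary
!
! Floating static route to the remote LAN via the local PIX inside interface.
! Distance 250 is worse than EIGRP (90 internal, 170 external), so this route
! stays out of the routing table while the EIGRP route over the LL exists and
! is installed only after the neighbor is lost (missed hellos).
ip route 10.2.2.0 255.255.255.0 10.1.1.254 250
!
! Optional, only if the PIX also provides Internet access:
! default route pointing at the PIX inside interface.
ip route 0.0.0.0 0.0.0.0 10.1.1.254
```

With the leased line up, `show ip route 10.2.2.0` on R1 should list the route as learned from EIGRP via 172.16.0.2; with the line down it should show the static route via 10.1.1.254. The crypto ACLs on both PIXes still have to match LAN-to-LAN traffic in both directions, otherwise failed-over traffic reaches the PIX but is not encrypted into the tunnel.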