Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Backup Route - How to Help Please !

Status
Not open for further replies.
tangerine0072000

tangerine0072000

Technical User
Joined
Apr 20, 2005
Messages
83
Location
GB
I have two office locations A & B
There is a point-to-point connection between these two locations (typical leased line).
I also have a VPN between these locations for backup purposes.

My Question:
The users at location 'A' have their default-gateways pointing to a Cisco 2600 on the LAN. This directs traffic up the point-to-point link. What I would like to do is have this router re-direct traffic accross the VPN if the point-to-point link becomes unavailable, but not sure if this is posible?
 
Sort by date Sort by votes
Sure. Use a routing protocol such as EIGRP and set the default route to the VPN link. While the P-P is working, each router will inform the other about the networks that it knows, and indicate that it is the next hop to get there.

When the link goes down, the routers will forget what they know as they detect the loss of a neighbor. They'll recalculate their routing tables, see that the next hop disappeared and there's no replacement, and send traffic out the default gateway.

 
Upvote 0 Downvote
Thanks for your reply. Do you think I could achieve the same result with a standalone router at each site re-directing traffic across two different VPN's, as I plan to remove the leased line ?

The routers wouldn't be directly connected to the VPN, but simply sitting on the LAN performing ICMP redirects and directing traffic to one of the firewalls and then the other when it fails.

Do you know if EIGRP can be used this scenairio because the routers would sit on the LAN (default-gateway for users) and not directly connected to each other.

Hope I make sense.
 
Upvote 0 Downvote
If both these VPN's will be built via the Internet, I personally wouldn't deploy a LAN routing protocol over them - I wouldn't consider it that reliabile in my opinion.

Mt preference would be use reliable static routing. The following URL explains how to set it up (need IOS 12.3 at a min to use this feature)

 
Upvote 0 Downvote
Thanks for your reply.

My router would sit on the LAN with say an address of 192.168.1.1
My firewalls would be 192.168.1.2 and 192.168.1.3

Would this feature 'reliable static routing' work in this scenairio ?



 
Upvote 0 Downvote
Sure why not.

Point your static route to the first PIX. You can then get SAA to probe (ping) your remote primary VPN endpoint through this PIX. If the primary remote VPN endpoint stops responding to the probes, your secondary static route would kick in and redirect the traffic to the 2nd pix.

Just need to make sure that both PIX's pass the probe (ICMP) traffic in and out.

Hope this helps
 
Upvote 0 Downvote
Great, I think I'm almost there with it, so all I need is a single router and ethernet port. I was worried that I might have to run each firewall on a seperate router interface resulting in the use of 3 interfaces, but if I understand you correctly I just need the one on the local LAN, is that right ?
 
Upvote 0 Downvote
You can run this with a single router interface connection so long as you can reach both PIX's through this interface.
 
Upvote 0 Downvote
Does this require a special version of IOS because I've downloaded and applied 12.3.17, but when going through the command options it doesn't understand the following.

track 123 rtr 1 reachability

it fails on the 'rtr' as an unrecognized command.

any ideas ?
 
Upvote 0 Downvote
Hmm I thought this was available on most IP feature packs but that would likely change depending on the model in question.

What model of Cisco router do you have? Let me know the DRAM and Flash sizes too.
 
Upvote 0 Downvote
Thanks,
Testing this on a 2620 with 8mb Flash and 32 NVRAM
 
Upvote 0 Downvote
I've checked and the bad news is.. they don't yet support reliable static routing on the 2620. They support it on the 2620Xm but that doesn't really help you.

Unlss you're able to use a more current Cisco router. I'm guessing you will have to run a LAN routing protocol over both VPN's to get the resilience you're looking for.

 
Upvote 0 Downvote
No worries, thanks for your help.
Do you think the 1700 will do it. Is there an easy way to determine which router supports. Maybe time to go Ebay shopping !
 
Upvote 0 Downvote
Some 1700 models do.. some don't. If you have access to the Software Advisor on CCO, I'd use this to check it supports what's required before you finally select the model you want.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Skip Rango
  • Locked
  • Question Question
how to backup cisco sg500-52p switch
Replies
1
Views
798
madwok
madwok
Blackybear
  • Locked
  • Question Question
Cisco RV042G router
Replies
0
Views
322
Blackybear
Blackybear
B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
403
badwolf1686
B
Jared R
  • Locked
  • Question Question
Cisco UC320W Paging Help
Replies
0
Views
701
Jared R
Jared R
CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
560
CPM86
CPM86

Part and Inventory Search

Sponsor

Back
Top