Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cisco 3620, PIX515, VPN and Routing.

Status
Not open for further replies.
pjwhitby

pjwhitby

MIS
Mar 21, 2002
5
GB
I have this scenario to fix :


<=> frame relay link => c3640 <===============>
c3620 switch
<=> pix515-a f/w <=> internet <=> pix515-b f/w <===>
<==VPN Tunnel==>

I hope thats clear !

Now my issue is this. The current setup does not have a VPN tunnel, therefore traffic from Site A (left) passes to Site B (right) via the Frame Relay link and internet traffic from Site A goes out via the PIX515-a firewall.

Now what I want to do is create a VPN Tunnel between pix515-a and pix515-b that will act as the primary conduit for data, yes I know this sounds daft, but I want the VPN to carry the traffic between sites with the Frame Relay link acting as a backup conduit.

I can create the VPN tunnel and get traffic to pass, thats not my problem, my problem is getting the Frame Relay circuit to act as the backup circuit. If the PIX could use HSRP then I would be okay, but I am at a loss on this one.

Any suggestions?, my gut feeling is that this just will not work. Any suggestions on how to make it work would also be gratefully accepted.

pjwhitby
cne/ccda/ccnp/mcse

 
Sort by date Sort by votes
I just read at Cisco's site that one of the Cons of using DDR is that &quot;It is dependent upon the interface going down. The router must detect that the primary interface line protocol is down for it to activate the backup link.&quot;

In my case the interface will NOT generally go down when the VPN tunnel is lost.

Perhaps &quot;floating static routes&quot; are a better choice?

RoundAbout
 
Upvote 0 Downvote
Round about is right, crap why didn't I see that, I'm getting sloppy. Uhhm, would say try using a floating static route.
 
Upvote 0 Downvote
I'm having some limited success with OSPF and distance metrics. Still working out some buggyness.

The problem I'm seeing is that when I assign a metric of 200 to the VPNs route it shows up as [200/0] in the routing table, but when I assign a metric of 220 to the Serial link (backup) it shows up as [110/65] or [110/75]?!?

The VPN route is also (sometimes) showing up as an &quot;S&quot; (Static Route) rather than an &quot;O&quot; for an OSPF route.

I'm confused.

I'm playing with adding cost and bandwidth values directly to the interfaces. THAT'LL TEACH 'EM! Bastards...

RoundAbout
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
332
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
318
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
300
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
311
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
391
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top