Cisco Point to Point with VPN backup

[cmaass]

My customer has a cisco 1800 series router on each end of its two offices. they have a bonded 3meg point to point T-1 between the routers. They want all traffic(voice and data) to go over the point to point. They also have as backup a vpn tunnel between there firewalls.

Is there a way to setup in the routers that if the point to point goes down to point traffic to the firewalls so that they then grab the vpn tunnel to use? Like a "floating route" or something.

I'm pretty new to routers so please bear with me.

Thanks in advance
Chris

 

[plshlpme]

your initial default route will be like

0.0.0.0 0.0.0.0 x.x.x.x
you can put a second static route...
0.0.0.0 0.0.0.0 y.y.y.y 100

the 100 at the end changes the administrative distance of the static route and will make it less desirable..

so if the T1 were to fail. the primary route would be removed from the routing table and the secondary one would take over..

the default admin distance on a static route is 1.. and the lower the admin distance the better the route as far as the router is concerned.

 

[cmaass]

Thanks alot plshlpme, I appreciate it..

 

[nyy1023]

To accurately respond we need topology info.
You have a point to point T-1, but if that T-1 goes down then no traffic will flow anywhere. I need to understand more of what you have.

Also, the firewall is behind the router. So if the T-1 goes down the Firewall needs to know where to send the traffic not the router. In the firewall all routes. 0.0.0.0 will go to the outside interface, or the router next hop, the router will have the static route out as well. If you want the traffic to take the tunnel then you need a secondary route in the firewall to state that.

 

[mprimeau]

I have a similar situation. I have several sites that are connected back to our corporate offices via point to point t1's. I am being requested to created backup vpn tunnels to corporate. THe routers are currently running OSPF but i have been told that I will have to redo all the routing static. IS this true?

Chris, your situation doesn't sound too bad. Like nyy1023 said, more info is needed but it sounds like you can use weighted routing to accomplish this along with a site-to-site vpn.

 

[nyy1023]

mprimeau - You should not have to run static unless you want to. That could get very busy and cause a lot of overhead that is not needed by the flexability of dynamic routing, OSPF or EIGRP should do just fine.

 

[cmaass]

The firewall is being maintained by another vendor. But are you saying that the firewall needs to have the same setup(routes) as my router??

 

[nyy1023]

need to know the topology and what you are wanting to accomplish before a solid answer can be given

 

[cmaass]

I'll get the info up this afternoon.. Thanks guys

 

[mprimeau]

nyy1023,
how can i set up a site to site vpn as a backup and route the traffic using ospf? Like cmaass said, a floating static route or is there another way? Like i said, everything right now is connected using point-to-points and ospf for routing.