I have a site-site VPN using Pix 515E's working. We'd like to a) expand the VPN to other sites and b) have a dial backup to the "main" site in the event of internet problems.
The Pix only accomodates ethernet interfaces, so I was thinking of using an internal router to handle the dialing. How can the internal router be told to dial? In previous configurations, the loss of routing tables was the trigger to use a high-cost static route via the BRI. I believe the Pix suppports dynamic routing protocols (RIP, OSPF) on the LAN side only. If so, would the loss if a VPN endpoint show as a change in the routing table which could be redistributed? Or, can the remote VPN endpoint be an OSPF neighbor, which would simplify the project greatly.
Thanks.
Lee.
The Pix only accomodates ethernet interfaces, so I was thinking of using an internal router to handle the dialing. How can the internal router be told to dial? In previous configurations, the loss of routing tables was the trigger to use a high-cost static route via the BRI. I believe the Pix suppports dynamic routing protocols (RIP, OSPF) on the LAN side only. If so, would the loss if a VPN endpoint show as a change in the routing table which could be redistributed? Or, can the remote VPN endpoint be an OSPF neighbor, which would simplify the project greatly.
Thanks.
Lee.