
Need to setup backup for VPN link


DeanA

MIS
Jun 19, 2001
4
US
We have 2 sites connected via a VPN link - From a 2620 in our German office to a PIX 515 in our US headquarters. This link is working but it is only a 128kbps ISDN link to the ISP (UUNet) in Germany; the US ISP (Sprint) connection is a T1. We are looking for a way to bypass the VPN link if either the link itself, the US PIX, or the German 2620 go down. We have purchased a Cisco 1720 with an ISDN card for Germany; we have a 2620 in the US with an ISDN connection as well. I need to know what I must do to set up a fail safe backup between these 2 sites.

We have looked at setting up the German 1720 to dial ISDN direct to the US 2620, but the US 2620 does not know to re-route German traffic through its ISDN link to the 1720.

I'm currently in Germany and due to leave Saturday so I have to get this fixed now!
 
Lots of this relies on routing protocols, which across the Internet you just can't rely on getting the necessary visibility to.

So to cut a long story short, a quick hack would be:
- Assuming that each office has a routing protocol in use that can detect an equipment failure, i.e. PIX, 2620 in Germany, etc.
- Then configure the backup routers as follows:
- Dial support from US to Germany in case of US PIX failure
- Dial support from Germany to US in case of German 2620 failure
- At each dial router configure NAT for outbound traffic through the Ethernet (Source IP NAT), so that connections through the router can be re-routed correctly back through the backup router, rather than dying at the VPN system.
- I have heard some CCIEs mention floating statics with high admin cost as a means to back up OSPF networks via ISDN, which work by only becoming active when OSPF updates/routes no longer exist. Maybe something similar exists for VPNs?

Areas of concern:
- Traffic originated from active site to a failed site would fail if the VPN isn't up. Routing would have to send traffic via backup system, I'm not sure if current routing protocols can detect VPN failure and update routing tables.

Enjoy,
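
The floating-static and source-NAT ideas from the reply above, as an added example configuration for the German 1720 (not part of the original thread and not either poster's config). All addresses, host names, the dial string and the CHAP secret are constructed placeholders, and it assumes a routing protocol at the site withdraws the primary route to the US LAN when the VPN path fails.

```cisco
! German 1720 backup router (constructed example values throughout)
hostname de-1720
username us-2620 password <chap-secret-placeholder>
!
interface FastEthernet0
 description German office LAN
 ip address 10.49.0.2 255.255.255.0
 ! Traffic arriving over ISDN is source-translated as it leaves here
 ip nat outside
!
interface BRI0
 description ISDN backup to US 2620
 ip address 192.168.255.2 255.255.255.252
 encapsulation ppp
 ! Euro-ISDN switch type; confirm with the carrier
 isdn switch-type basic-net3
 dialer map ip 192.168.255.1 name us-2620 broadcast <us-isdn-number>
 dialer-group 1
 dialer idle-timeout 120
 ppp authentication chap
 ip nat inside
!
! Floating static: administrative distance 200 keeps this route out of
! the table while the routing protocol still offers a route to the US
! LAN (10.1.0.0/16, constructed) through the VPN. Once that route is
! withdrawn, this one installs and interesting traffic raises the call.
ip route 10.1.0.0 255.255.0.0 192.168.255.1 200
!
! Any IP packet is "interesting" and may bring up or hold the ISDN call.
dialer-list 1 protocol ip permit
!
! Source NAT for sessions from the US LAN that arrive over ISDN:
! German hosts see the 1720's Ethernet address as the source, so their
! replies return to the 1720 rather than to the failed VPN gateway.
access-list 10 permit 10.1.0.0 0.0.255.255
ip nat inside source list 10 interface FastEthernet0 overload
```

The US 2620 would carry the mirror image (a floating static to the German LAN via 192.168.255.1's peer, and the same NAT arrangement). A backup path like this bypasses the PIX, so access lists on the BRI interfaces are the only filtering between the sites while it is active.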
 