ciscofreak1241
MIS
I need to validate something or know of any good configuration to do this.
I have a Cisco 1800 Series router that has a T1 module (primary) and a DSL connection (Secondary) connected to one of the ethernet ports.
We have a VPN tunnel established with one site. I want the ability that if the T1 fails and fails over to the DSL, the VPN will fail over too. I know there will be some delay in order for the VPN to be reestablished.
What would be the best way to do this?
Any config examples and related URLs would be great.
Here is what I came up with, and I thought there may be another, better way to do this:
crypto isakmp policy 10
 encryption 3des
 authentication pre-share
crypto ipsec transform-set 3des-set esp-3des esp-sha-hmac
crypto isakmp key cisco123 address 1.1.1.1
crypto map cm1 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set 3des-set
 match address 112
crypto isakmp key cisco123 address 2.2.2.1
crypto map cm2 10 ipsec-isakmp
 set peer 2.2.2.1
 set transform-set 3des-set
 match address 112
interface serial0
 desc Primary: T1
 ip address 1.1.1.2 255.255.255.252
 crypto map cm1
interface ethernet1
 desc Secondary: DSL
 ip address 2.2.2.2 255.255.255.252
 crypto map cm2
interface ethernet0
 ip address 192.168.1.1 255.255.255.0
ip sla monitor 1
 type echo protocol ipIcmpEcho 1.1.1.1
ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability
ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 123
ip route 0.0.0.0 0.0.0.0 2.2.2.1 254
ip route 192.168.2.0 255.255.255.0 serial0 track 123
ip route 192.168.2.0 255.255.255.0 ethernet1 254
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
access-list 112 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
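
A static check of the cross-references this failover design depends on (peer to pre-shared key, tracked route to track object and floating backup, exit interface to crypto map), as an added example that is not part of the original post. The `audit` function and its finding strings are hypothetical, and it assumes full interface names and static routes only.

```python
# Added example. SAMPLE is constructed: condensed from the configuration posted above.
SAMPLE = """\
crypto isakmp key cisco123 address 1.1.1.1
crypto isakmp key cisco123 address 2.2.2.1
crypto map cm1 10 ipsec-isakmp
 set peer 1.1.1.1
crypto map cm2 10 ipsec-isakmp
 set peer 2.2.2.1
interface serial0
 crypto map cm1
interface ethernet1
 crypto map cm2
track 123 rtr 1 reachability
ip route 0.0.0.0 0.0.0.0 1.1.1.1 track 123
ip route 0.0.0.0 0.0.0.0 2.2.2.1 254
ip route 192.168.2.0 255.255.255.0 serial0 track 123
ip route 192.168.2.0 255.255.255.0 ethernet1 254
"""

def audit(config):
    """Return findings; an empty list means the failover pieces reference each other."""
    keys, tracks, peers, applied, routes, ctx = set(), set(), [], {}, [], None
    for t in (line.lower().split() for line in config.splitlines()):
        if t[:3] == ["crypto", "isakmp", "key"] and "address" in t[:-1]:
            keys.add(t[t.index("address") + 1])      # peer that has a pre-shared key
        elif t[:2] == ["crypto", "map"] and len(t) >= 5:
            ctx = ("map", t[2])                      # crypto map definition starts
        elif t[:1] == ["interface"] and len(t) > 1:
            ctx = ("if", t[1])
            applied.setdefault(t[1], None)
        elif t[:2] == ["set", "peer"] and len(t) > 2 and ctx and ctx[0] == "map":
            peers.append((ctx[1], t[2]))
        elif t[:2] == ["crypto", "map"] and len(t) == 3 and ctx and ctx[0] == "if":
            applied[ctx[1]] = t[2]                   # crypto map bound to interface
        elif t[:1] == ["track"] and len(t) > 1:
            tracks.add(t[1])
        elif t[:2] == ["ip", "route"] and len(t) >= 5:
            routes.append((t[2], t[3], t[4], t[5:]))
    out = [f"crypto map {m}: no isakmp key for peer {p}" for m, p in peers if p not in keys]
    # Floating route: untracked and carrying an explicit administrative distance.
    floating = {(n, k) for n, k, _, o in routes if "track" not in o and any(x.isdigit() for x in o)}
    for net, mask, via, opts in routes:
        if not via[0].isdigit() and applied.get(via) is None:
            out.append(f"route {net} exits {via}, which has no crypto map")
        if "track" in opts[:-1]:
            if opts[opts.index("track") + 1] not in tracks:
                out.append(f"route {net} references an undefined track object")
            if (net, mask) not in floating:
                out.append(f"tracked route {net} has no floating backup")
    return out
```

The check covers only whether the configuration's parts refer to each other consistently; it says nothing about whether the far end will accept a tunnel from the secondary address.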