Redundant / Failover VPN tunnel

Answered Question

Hi All,

We have several remote sites using PIX 501s back to a cvpn 3015--works great. We would like to implement a backup peer device in HQ on ISP B (testing with just a PIX 501)...PIXs are the default gateway for remote sites, and the 3015 is in parallel with our firewall in HQ. We use static routes on an internal layer 3 switch to route through the 3015 to remote sites. How would we be able to route internally to the backup PIX (or concentrator if we get another)? I have an old 2500 I could use internally, if necessary, since the switch is non-Cisco and RIP / static routing is buggy on it.

Thanks much in advance!

Correct Answer by acomiskey about 9 years 6 months ago

Well...points just for replying--thanks a million. Looks good, but RRI will always show routes whether the tunnel is up or not, which won't help in this case. HSRP also won't apply in this case as we don't have an external router.

Nevertheless... I had given up hope for a reply, so I'm glad you did, and the info looks promising for future designs!

This looks fantastic and was exactly the concept I was looking for. I was scratching my head wondering why something like this didn't exist to do simple tests on whether an IP was up or down...looks relatively new(?) Too bad my 2500 won't run that level of IOS with the memory it has, but I can always find something around here that will ;)

Thanks to all who replied!!!!

