Redundant routes

Jul 17th, 2007

I have a remote site that is connected to my NY office via Sprint MPLS using what they call a halt-tunnel. I have a redundant circuit installed with a PIX at the remote location and set a default route on the router of the primary circuit using 3 as the admin distance. This works in directing the Internet traffic out properly; however, I have set up a site-to-site VPN which comes up, but the return traffic is lost. What can I do to set my PIX in NY to point the traffic to the correct route?

spremkumar Tue, 07/17/2007 - 19:54


Can you post a simple diagram representing your network with the respective connectivities mentioned?


frelaxx Wed, 07/18/2007 - 06:02

Here is a simple drawing of the setup. Be aware that the path through the Sprint cloud is the primary path and the IPSec tunnel is the redundant path. I have set an alternate default gateway on the primary router in the remote site to point to the IPSec circuit if the primary is unavailable. I tested this by failing the main line and I was able to get Internet traffic. I created interesting traffic by sending pings and the IPSec tunnel came up okay. However, I didn't receive responses to the pings.

Can I set a parameter on the NY PIX to direct the traffic back to the remote site in this configuration when a failure occurs on the primary circuit?


