In one of our branch office situated in a different country, we have a primary link which is through the satellite. Our secondary link is a vpn tunnel.
This branch office has a different firewall to that of the head office firewall in which they have their own ISP. The Primary link (VSAT) is through a service provider of satellite links back to our headoffice. At this branch office we have a router that connects to a DTU through the serial interface which connects a 128Kbps LL back to the Service provider which then gets on to the Satellite router to go out to our headoofice. One of the Fast Ethernet interface connects up the LAN switch. The LAN switch then has the Firewall connected to it.
Problem: When there is a failure with the primary link we expect the traffic to switch automatically to the VPN tunnel which is currently configured on the firewall. This does not happen and as such we have to unplug the cable between the router and the DTU for the primary link. When this cable is unplugged then traffic starts diverting to the VPN tunnel through the Firewall out to the internet. The traffic is actually between the headoffice and the branch office. This problem is taking us too long to resolve and it's been around for a year now. I need urgent help from you guys.