Site-to-Site DSL VPN with ISDN Backup

syntaxmonster
Level 1

Hello everybody,

I'm a little bit stuck here, so I hope someone can point me in the right direction.

We have 2 1841 routers with ISDN BRI interfaces.

One Router (master) has two Ethernet interfaces pointing to LAN and WAN. The WAN interface is a public static IP.

The router (slave) dials with a PPPoE client into DSL and builds up an IPsec tunnel with the (master) peer. Works well.

Now I've configured a tracking object on the slave (an IP address behind the IPsec tunnel) so when the tunnel fails the ISDN backup is triggered. This works as well.

I have a problem though: on the master I have only one static route 0.0.0.0 0.0.0.0 WAN interface, so the packets sent from the slave never come back because of the default route.

How can I manage to insert another static route, say 0.0.0.0 0.0.0.0 dialer2 (ISDN), only when the tunnel isn't available?

Thank you...

regards,

Chris

7 Replies

paolo bevilacqua
Hall of Fame

Use a floating static route.

Hi, thank you for your reply. Does this mean I have to use OSPF as a routing protocol?

The IP address of the Dialer 1 (PPPoE interface) is negotiated and dynamic.

Not necessarily, but in many cases routing makes things easier.

How you obtain the address also doesn't matter.

Note that this kind of configuration is better done by a professional; if you never did it before, it can take a lot of trial and error to get it 100% right.

"Note that this kind of configuration is better done by a professional; if you never did it before, it can take a lot of trial and error to get it 100% right."

:) You're so right, now this is the 3rd day of trial and there were more errors :)

I cannot see any CLI commands any more :(

OK, I'll try to figure this out.

CCO contains so much information on how to set up dial backup with floating statics and/or routing protocols, you might want to check out these examples instead of spending additional time with trial and error.

This example has a serial connection as the primary path, but it could as easily be a VPN tunnel.

http://www.cisco.com/en/US/tech/tk801/tk133/technologies_configuration_example09186a0080093f7e.shtml

I'm glad that you recognize my point.

Unfortunately many people refuse to see the point of paying $200 to have it done professionally.

At least, that is what I would charge.

I agree with you to pay professionals, but let's face the facts: people are spending a couple of hours to dig deep into the documentation to finally find out that the documentation isn't quite suitable for them (outdated, wrong requirements, etc).

Now there are two kinds of people: professionals and professionals. One professional is very good at doing WAN routers, the other only LAN switching etc.

We are 3 people here and have to run a network (LAN/WAN/VPN/Firewall/ etc) with over 1300 employees and 1500 customers.

So you see it's not the point of paying 200$ or 2000$ for a professional, this is given.

It's the point of having a very easy/basic setup (Site-to-Site VPN with ISDN Backup) and you need a little hint how to do it.

To cut a long story short: I've managed to fix it.

In the attachment are the configs of the two routers and a network plan of the setup.
