06-17-2009 06:09 AM - edited 03-04-2019 05:09 AM
Hello everybody,
i'm a little bit stucked here so i hope someone can point me into the right direction.
We have 2 1841 routers with ISDN BRI interfaces.
One Router (master) has two Ethernet interfaces pointing to LAN and WAN. The WAN interface is a public static IP.
The Router (slave) dials with a pppoe client into DSL an builds up a IPSec tunnel with the (master) peer. Works well
No i've configured a tracking object on the slave (a IP address behind the IPsec tunnel) so when the tunnel fails the ISDN Backup is triggerd. This works as well.
I have a problem though: on the master i have only one static route 0.0.0.0 0.0.0.0 WAN interface so the packets send from the slave never come back because of the default route.
How can i manage to insert another static route say 0.0.0.0 0.0.0.0 dialer2 (ISDN) only when the tunnel isn't available?
Thank you...
regards,
Chris
06-17-2009 06:18 AM
Use a floating static route.
06-17-2009 06:23 AM
Hi, thank you for your reply. Does this mean i have to use ospf as a routing protocol?
The IP Adress of the Dialer 1 (pppoe interface) is negotiated and dynamic.
06-17-2009 06:25 AM
Not necessarily, but in many cases routing makes things easier.
How do you obtain address also doesn't matter.
Note this kind of configurations are better done by a professional, if you never did it before it can take a lot of trial and error to get it 100% right.
06-17-2009 06:40 AM
"Note this kind of configurations are better done by a professional, if you never did it before it can take a lot of trial and error to get it 100% right."
:) you're so right, now this is the 3rd day of trial and there where more errors :)
I cannot see any CLI commands any more :(
OK, i'll try to figure this out.
06-17-2009 09:44 AM
CCO contains so much information on how to set up dial backup with floating statics and/or routing protocols, you might want to check out these examples instead of spending additional time with trial and error.
This example has a serial connection as the primary path, but it could as easily be a VPN tunnel.
http://www.cisco.com/en/US/tech/tk801/tk133/technologies_configuration_example09186a0080093f7e.shtml
06-17-2009 10:19 AM
I'm glad that you recognize my point.
Unfortunately many people refuse to see the point of paying $200 to have it done professionally.
At least, that is what I would charge.
06-18-2009 12:10 AM
I agree with you to pay professionals but lets face the facts: people are spending a couple of hours to digg deep into the documetation to finaly find out that the documentation isn't quite suitable for them (outdated, wrong requirements, etc).
Now there's two kind of people:professionals and professionals. One professional is very good in doing WAN Routers, the other only LAN Switching etc.
We are 3 people here and have to run a network (LAN/WAN/VPN/Firewall/ etc) with over 1300 employees and 1500 customers.
So you see its not the point of paying 200$ or 2000$ for a professional, this is given.
Its the point of having a very easy/basic setup (Site-to-Site VPN with ISDN Backup) and you need a little hint how to do it.
To cut a long story short: i've managed to fix it.
In the attachement are the configs of the two router and a network plan of the setup.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide