VPNs and T1s

Unanswered Question
Nov 15th, 2009

Well, here goes...I have two T1s going to two different sites coming back to my central site. I also have two firewall devices at these sites for Internet access.

I would like to set up two VPNs and sue the T1s as failover. It was suggested that I use OSPF as the failover routing protocol. I setup one connection using DOC ID: 63882 which describes VPN/IPSEC with OSPF and it works great. I've has several instances where the Internet went down and and the T1 kicked in and maintained connectivity with the central site. The problem seems to be it won't scale past one site to site connection.

I then though I would try a GRE tunnel to pass OSPF to the other site but without traffic to pass the tunnel will not come up since the T1 is passing all of the traffic in its direction.

I am using a ASA5510 at the central site and ASA5505s at the remotes. It almost looks like routers may have been a better choice.

Can anyone help me with this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Collin Clark Mon, 11/16/2009 - 06:53

Router would have been easier (IMO), you could have used DMVPN. Anyways, there are multiple configuration example for multiple tunnels. They don't all cover OSPF, but it sounds like you've got that part covered.



Hope it helps.

jgadbois Mon, 11/16/2009 - 07:01

I'm getting that impression that I should have gone router but my experience is mostly with firewalls and PIX/ASA. Thanks for your help. Sure wish there was something easier for ASA/PIX. But, after all, they are not routers.


This Discussion