Failover of a link

Unanswered Question

I have a 7204 core router with two uplinks.  Initially, the one uplink was a singular uplink via PPPoE so we built our outbound NAT translations on it as well as our VPN sessions.

As of today, we have two links.  The second link has much less bandwidth and is only setup as a backup link.  What we have setup is as follows:

ip sla monitor 100
type echo protocol ipIcmpEcho <**HOST ON END OF PPPoE LINK**> source-interface Dialer1
timeout 1000
threshold 100
frequency 30
ip sla monitor schedule 100 life forever start-time now

!

track 100 rtr 100 reachability

!

interface FastEthernet1/0.110
description Link to BackupLink
encapsulation dot1Q 110
ip address <**STATIC_IP_ISSUED_BY_UPSTREAM**> 255.255.255.0
ip nat outside
ip virtual-reassembly

!

interface Dialer1
bandwidth 30000
ip address negotiated
ip access-group WAN-InboundACL in
no ip redirects
ip mtu 1492
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username <**PPPoE_USERNAME**> password 7 <**PPPoE_PASSWORD**>
crypto map RemoteAccessVPN
max-reserved-bandwidth 90
service-policy output QoS_Outbound

!

ip route 0.0.0.0 0.0.0.0 Dialer1 track 100
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0.110 100

!

ip nat inside source route-map OutboundNatBackup interface FastEthernet1/0.110 overload
ip nat inside source route-map OutboundNat interface Dialer1 overload

!

ip access-list extended VPN_Selector
remark ACL for VPN
permit ip 192.168.80.0 0.0.3.255 192.168.5.0 0.0.0.255

!

ip access-list extended OutBoundACL
permit ip 192.168.80.0 0.0.15.255 any

!

route-map OutboundNatBackup deny 20
match ip address VPN_Selector

!

route-map OutboundNatBackup permit 990
match ip address OutBoundACL
match interface FastEthernet1/0.110

!

route-map OutboundNat deny 20
  match ip address VPN_Selector

!

route-map OutboundNat  permit 990
  match ip address OutBoundACL

As you can see we have the primary link monitored and it will flip the default route if the primary link's monitoring goes down to the far end (I know i can do this with an "event manager applet" however I am looking to just get the simple things working).  I am wondering if, since I have the second link, do I need to match on the dialer interface on the old route-map OutboundNAT for each entry?  Also, any ideas as to what to do to make the VPNs come up across the new link.  I am guessing I setup a second crypto peer on the far end but how do I set this end to only have the VPN up on the primary path unless the primary path is down?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion