Was wondering if anyone has any suggestions for a configuration I am trying to get going.
What I have is a Colo Data Center that is connected back to multiple sites via MPLS. Internet access is through the Colo for all sites. In case of a failure of the MPLS I am trying to get an automated VPN to come up that would connect from an Adtran router with a Verizon Wireless Card in it. I have the VPN up and that works. It is the automation piece that I am trying to figure out. So, currently the Pix has static routes that point everything towards the MPLS router for all of the sites. Everything else uses the MPLS router as a DGW and then the DGW for the MPLS is the Pix.
If there is a failure the VPN will come up but then there are the routes on the Pix that will just push everything back towards the MPLS. The provider is saying to put higher metric routes for the statics back to the MPLS but higher than what? When the VPN comes up there aren't really any routes there to push the traffic across the VPN.
The thought I had was that since the managed MPLS router at the colo is a Cisco router to have the provider redistribute the BGP routes back out to EIGRP which the Pix could pick up. In the case of a failure once EIGRP was updated there would be no route towards the MPLS and everything would just route out the DGW which would be the Pix.
Anyone done anything like this before that might have some ideas?
A simple delay-sensitive solution will be IP SLA in the PIX/ASA. When the MPLS interface of SiteA is unreachable, a static route in the PIX/ASA pointing into the VPN tunnel becomes active. When the MPLS interface is available again, then the route is removed.
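
A sketch of the tracked-route setup described in the reply, as an added example that is not part of the original thread. It assumes PIX/ASA software 7.2 or later (where `sla monitor` and `track` are available) and that the crypto map for the backup VPN is applied on the `outside` interface. All addresses, interface names and IDs are constructed placeholders.

```cisco
! Assumed addressing (constructed for illustration):
!   10.0.0.2      MPLS router on the inside LAN
!   10.20.0.0/16  remote site (SiteA) LAN
!   10.20.0.1     host at SiteA, normally reachable only across the MPLS
!   203.0.113.1   upstream gateway on the outside interface

! Probe a SiteA address through the MPLS path. Probing the local MPLS
! router itself would not detect a failure inside the provider cloud.
sla monitor 10
 type echo protocol ipIcmpEcho 10.20.0.1 interface inside
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now

! Track object 1 is up only while the probe gets replies.
track 1 rtr 10 reachability

! Primary route via the MPLS router, administrative distance 1.
! It is withdrawn from the routing table when track 1 goes down.
route inside 10.20.0.0 255.255.0.0 10.0.0.2 1 track 1

! Floating static for the same prefix with a higher distance (254).
! It is installed only while the tracked route is absent, which sends
! SiteA traffic to the outside interface where the crypto map matches it.
route outside 10.20.0.0 255.255.0.0 203.0.113.1 254
```

The higher-metric route is the backup rather than the MPLS route, and "higher" means any administrative distance above that of the tracked primary. Confirm the backup route cannot carry site traffic unencrypted by checking that the crypto ACL covers the whole remote prefix.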