887 VPN with adsl and isdn as backup

Unanswered Question
Jun 15th, 2010

Hi to all,

I have three router 887 I have to configure it in VPN using ADSL, but I want use the isdn interface as backup when ADSL fail to transport tunnel traffic. I have CCME and I have to ensure the voice traffic between offices also when adsl fails.

Anybody have a working example configuration, or suggestions?

Thank you very much

Augusto

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
a.crippa Wed, 06/16/2010 - 07:12

Yes now there are 2511 with HDSL and ISDN backup, but not VPN.

a.crippa Wed, 06/16/2010 - 07:37

Thanks Andrew,

>So you are going to install the 887 routers, and keep the existing ISDN setup?

No, really I can change the existing ISDN setup, is not a must maintain it, now isdn backup is used only to ensure a web/mail, but then I have to ensure VoIP.

>Do you run a dynamic routing protocol over the ISDN?

What do you it mean?

>Are the ISDN lines always up, or are they activated with interesting traffic?

No not alway up, I need isdn backup start with all type of traffic only if ADSL goes down.

I made a config but I'm not sure it works:

crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
group 2
crypto isakmp key pwdVPN address 222.222.222.222
!
!
crypto ipsec transform-set ESP-AES128-SHA ah-sha-hmac esp-aes esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to 222.222.222.222
set peer 222.222.222.222
set transform-set ESP-AES128-SHA
match address 103
!
!
interface BRI0
no ip address
encapsulation ppp
no ip route-cache
dialer pool-member 1
isdn switch-type basic-net3
isdn termination multidrop
isdn point-to-point-setup
!
interface ATM0
backup delay 10 30
backup interface Dialer0
no ip address
no ip route-cache
no atm ilmi-keepalive
service-policy output CCP-QoS-Policy-1
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$
ip address 88.88.88.88 255.255.255.252
ip access-group 100 in
ip nat outside
ip inspect CCP_LOW out
ip virtual-reassembly
no ip route-cache
crypto map SDM_CMAP_1
pvc 8/35
  encapsulation aal5snap
!
!
interface FastEthernet0
switchport access vlan 100
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.20.254 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly
no ip route-cache
!
interface Vlan100
ip address 10.0.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 100 in
ip nat outside
ip inspect CCP_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 180
dialer string 0000000000
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user1
ppp chap password pwduser1
ppp pap sent-username user1 password pwduser1
no cdp enable
crypto map SDM_CMAP_1
service-policy output CCP-QoS-Policy-1
!
!
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
ip nat inside source route-map SDM_RMAP_2 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 0.0.0.0 0.0.0.0 Dialer0 100
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip any any
access-list 103 remark CCP_ACL Category=4
access-list 103 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
access-list 104 remark CCP_ACL Category=2
access-list 104 deny   ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
access-list 104 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 104 permit ip 192.168.20.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!

!
route-map SDM_RMAP_1 permit 1
match ip address 104
!
route-map SDM_RMAP_2 permit 1
match ip address 104

Thank a lot

Augusto

Actions

This Discussion