
Best way to implement failover for branch office connectivity

We have AT&T Managed MPLS service at our datacenter and our branch office locations.  AT&T has provided the routers and simply gives us an ethernet connection.  We also have ethernet connectivity to the internet through our datacenter, with our network being protected by an ASA 5520.

Each branch location has a 29xx series router (voice gateway) and switching gear attached to their AT&T MPLS router.  Some of our branches also have 3rd party cable internet service with an ASA 5505 to protect it from the internet.

What I'd like to do is better utilize this cable modem/ASA5505 setup.  Right now, if there were an outage, I would be connecting manually to the remote location to change static routes to point to the cable link and to configure a VPN tunnel between the remote and our DC.

From some of the research I've been doing, it looks like using GRE and some routing protocol would be a possible solution. I'm just not sure of the best way to implement it in this scenario.

Would anyone be able to confirm that this would be a good option for me or maybe offer another solution?

Many thanks!

Accepted Solutions

mrussell2012
Level 1

My network is very similar to yours. Talk to AT&T about a service of theirs called ANIRA. It will allow you to use an Internet connection to provide a backup connection at each site. AT&T will provide you a router that has a VPN connection to AT&T that will punch your traffic back into your MPLS network. I use VRRP and then monitor an IP SLA to trigger the backup connection.

Sent from Cisco Technical Support iPad App

3 Replies 3

Marwan ALshawi
VIP Alumni

Using mGRE between the branches and the hub data center site is a good way to have a backup over the Internet with fewer tunnels and a scalable solution, but you need to use routers for tunnel termination, as the firewall does not support it.

Also make sure you secure the tunnel with IPsec.

This way you can run a routing protocol over the mGRE tunnels and tune routing to make sure the path over the tunnel is used as a failover link/path only.

Hope this helps

Sent from Cisco Technical Support iPhone App
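
The mGRE-over-IPsec backup described in the reply above, as an added Cisco IOS example for a branch router (not configuration from any poster in this thread). Assumptions: the hub's public address is 203.0.113.1, the tunnel subnet is 10.255.0.0/24, the branch LAN is 10.11.0.0/24, GigabitEthernet0/1 faces the cable link, and the MPLS routes are learned with a lower administrative distance than EIGRP (for example eBGP), so the tunnel routes are installed only when the MPLS routes are withdrawn.

```cisco
! Added example (constructed). Branch/spoke router; every name, address and
! key below is a placeholder, not a value from the thread.
crypto ikev2 proposal BACKUP-PROP
 encryption aes-cbc-256
 integrity sha256
 group 14
crypto ikev2 policy BACKUP-POL
 proposal BACKUP-PROP
crypto ikev2 keyring BACKUP-KEYS
 peer DC-HUB
  address 203.0.113.1
  pre-shared-key REPLACE_WITH_LONG_RANDOM_KEY
crypto ikev2 profile BACKUP-IKE
 match identity remote address 203.0.113.1 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local BACKUP-KEYS
! Transport mode: GRE already supplies the outer header, and it works
! when the spoke sits behind a NAT device.
crypto ipsec transform-set BACKUP-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile BACKUP-IPSEC
 set transform-set BACKUP-TS
 set ikev2-profile BACKUP-IKE
!
interface Tunnel0
 description Backup path to DC hub over the cable Internet link
 ip address 10.255.0.11 255.255.255.0
 ! Leave room for GRE + IPsec overhead so packets are not fragmented.
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication NHRPKEY
 ip nhrp network-id 1
 ! Register with the hub (tunnel address 10.255.0.1, assumed).
 ip nhrp nhs 10.255.0.1 nbma 203.0.113.1 multicast
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 100
 ! Without this line the GRE traffic crosses the Internet unencrypted.
 tunnel protection ipsec profile BACKUP-IPSEC
!
! Routing protocol over the tunnel; only the tunnel and branch LAN are advertised.
router eigrp 100
 network 10.255.0.0 0.0.0.255
 network 10.11.0.0 0.0.0.255
```

After applying it, `show crypto ikev2 sa` and `show dmvpn` confirm that the tunnel is up and encrypted before the failover is relied on.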

mrussell2012 - I know this is pretty old, but we are looking at doing the same.  How are you controlling the metric going into BGP from the Anira?  I've set up one as a test, but from our HQ side, the route metric is 0 from the Anira.
