Establishing primary and backup route

Unanswered Question
Jul 14th, 2003
User Badges:

Hello, here's our network diagram and perhaps someone could help me on this.


Currently we have MPLS connection between site A (Cisco 2621XM) and B (Cisco 2621XM) and also have Nokia IP350 firewall (with Checkpoint NG FP3) on each site to establish site-to-site VPN connection.


(Cisco 2621XM) ---------- MPLS Cloud --------- (Cisco 2621XM)

192.168.1.1 10.140.71.254


(Nokia IP350) ----------- Internet ----------- (Nokia IP350)

192.158.1.100 10.140.70.254


We've been using VPN connection over the internet until we have MPLS T1 terminated. As soon as I enabled the ethernet interface of MPLS router, we lose VPN connection and still not able to talk to any host at the other end. Looks like we have some routing issues. I have to shut down the ethernet interface in order to maintain VPN connection.


Is it possible to keep all the interface enabled and switch MPLS as the primary link and Internet T1 as secondary link?

So that when primary link has a problem, it could fail over to secondary link automatically.


Thank you very much for your help in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rwiesmann Mon, 07/14/2003 - 21:51
User Badges:
  • Bronze, 100 points or more

hi


Have you any dyn. routing protocol or static routes in palce eather at site A or B?


The 2621XM and the Nokia's are the only devices at each location capable of routing?


Regards

Roger

vcjones Fri, 07/18/2003 - 05:53
User Badges:
  • Silver, 250 points or more

Assuming the Nokia and Cisco are on the same LAN at each end, this should be simple.


1. Make the Cisco the default gateway for all users.


2. Run BGP between the two Ciscos over the MPLS cloud.


3. Install floating static routes on the Cisco's pointing to the local Nokia as the backup path.


4. Set up the Nokia's to forward everything they receive across the VPN.


If the Nokias and Ciscos are not adjacent at each end, the configuration gets more complex, but is probably still possible.


Good luck and have fun!


Vincent C Jones

www.networkingunlimited.com

Actions

This Discussion