I am attempting to determine if the following is possible and if it is, can anyone help me out?
I have two Cisco 2620 routers that are connected via a Frame Relay circuit. I route IP traffic through them as well as VoIP. On "Router1" I have a point-to-point connection to the Internet and on "Router2" I have an ADSL WIC connected to a ISP. What I'd like to do is use the Internet as a "failover" connection so that if my Frame Relay connection ever goes down, I can use the Internet as my "DBU", but instead this wouldn't dial up since it is ADSL and not ISDN or some other dial up scheme.
From all the docuementation I've read, I have come up to a dead end. I don't know if I need a PIX firewall or a VPN module in my routers or ? I don't have the funds to purchase much equipment, so I was hoping to do this with the routers I already have. I have found a Cisco document entitled "Cisco - Configuring IPSec with EIGRP and IPX Using GRE Tunneling" While this document comes close to what I'm trying to do it falls short.
Yep, this is possible. Best way to do it is to create a GRE/IPSec tunnel and run a routing protocl over it, make it whatever routing protocol you run on your current network. Increase the routing metric over this GRE interface so that the routers only find the routes over the tunnel in the event there's nothing better. Your IPSec tunnel will always be up in this situation, but will only ever be used if your better route (your Frame Relay link) goes down.
Conversely, you can create a GRE/IPSec tunnel, don't run a routing protocol over it (so it's not up all the time, saving you money if you pay for your ISP circuits by the data rate), and add a floating static route that has a higher metric than your FR routes. The gateway/next hop for the static route will be the IP address of the other end of the tunnel interface. Redistribute this static into your routing protocol and you're off and running. again, this floating static will only ever be put into the routing table when the better route (the FR link) is not there.
You shouldn't need a VPN module for this, assuming you're not sending too much data over the tunnel. You don't need a PIX either. All you need is a crypto image on the routers.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :