I have two sites connected via PtP link using 3600 series routers. I'm trying to setup a VPN box to backup this line in the event of any interruptions.
Is there a way that I can tell the router(PtP) that if the serial link is down to use a seconday route to get to a destination network? I've tried adding multiple routes to the network w/ different weights, but it doesn't work. I'm not sure if I'm missing anything.
Re: Backing up a point to point link w/ a VPN box.
The only way you can make this work is to add weighed static routes that point to the VPN boxes on each side of the link. For example lets assume that the Ethernet address on Ethernet 0 is 10.1.1.1/24. Lets again assume that we have a point to point serial connection between this router and a remote router. We have elected to use 10.1.254.0/30 for the Wan addressing. Our routers serial port address is 10.1.1.254.1/30and the remote router is 10.1.254.2/30. The remote routers Ethernet port is 10.1.2.1/24. So in our local router it will know the following:
Network 10.1.1.0/24 is directly connected.
Network 10.1.254.0/30 is via serial 0
We have a couple of ways that we can announce the networks on each routers Ethernet port to each other, via RIP-V2, EIGRP or something else. We could elect to use static routes. So lets take a look:
ip route 10.1.2.0 255.255.255.0 10.1.254.2 1
ip route 10.1.1.0 255.255.255.0 10.1.254.1 1
If we look in our routing table show ip route. We will see that the static routes have a metric of a 0. The lower the metric the more preferable the route. Lets assume that your VPN boxes on each side were 10.1.1.10 and 10.1.2.10. In the local and remote routers the route might look like this:
ip route 10.1.2.0 255.255.255.0 10.1.1.10 150
ip route 10.1.1.0 255.255.255.0 10.1.2.10 150
The route for 10.1.2.0 will prefer to the serial 0 connection. If the serial port goes away the router will prefer the VPN box.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :