i've lan-to-lan ipsec tunnel over internet between two ios routers. I'm trying to configure isdn backup for the ipsec tunnel between the same routers. My problem is for any router to make routing decisions it has to know that the remote internet connection is down since this is no point-to-point connection.
This is a frequently asked question on this forum. A quick search through some of the earlier postings (or use google to search the comp.dcom.sys.cisco Usenet archive) would unearth a range of solutions and challenges. I have documented my two favorite approaches in a white paper on my web site, and will only highlight here what is stated much more clearly and in greater detail there.
The bottom line is that you are absolutely correct in your thinking so far. The first challenge is to detect that the link has failed. This can be done with either a GRE tunnel or with a routing protocol which does not require routers to be adjacent, such as BGP. The next step is to have an alternate path that can be used if the primary is detected to have failed. This can be another VPN (using an alternate service provider) or dial backup. The final, and oft neglected step, is consistent, routine monitoring and testing of the backup link to ensure that it gets fixed when it fails so that you have a reasonable change that it will still be working by the time you need it.
what i ment to say was, the solution it started to work after i red your white papers, made eigrp configuration (i choose EIGRP), eliminating static routing and finally, getting the ISDN backup working, only when the tunnel(or when a physical problem to an ISP occur) between two sites goes down, permitting the remote sites (connected via Internet to both principle sites) to continue receiving eigrp updates via isdn.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :