I need to implement a backup mechanism for an IPsec VPN. This is for a small SOHO, so I am thinking of buying an 837 ADSL router, so that when ADSL goes down, the alternative path should become available. The backup possibilities are: using an analog modem attached to the console port, or redirecting traffic to another local router (from another vendor; when it receives traffic for the other network it will establish a link).
I need some suggestions about the best way/hardware/config tip for accomplishing this.
The challenge with a VPN tunnel is to detect when it is down so that an alternate route can be selected. An ADSL interface almost never goes down, so classical dial backup approaches such as backup interface won't work. You must use an approach which tracks availability of the other side based on a routing protocol or "outside information." Cisco does not support the latter (but look at Nexland Pro800 Turbo or Symantec 200R for an example of how ping can be used to do the job).
Using Cisco kit, your only choice is running a routing protocol, which requires a router at each end of the VPN. You can use BGP directly over the VPN, or any interior routing protocol (EIGRP, OSPF, RIP, etc) over a GRE tunnel. Last time I looked, only the GRE tunnel approach is documented here on CCO, but there is a white paper with an example of each approach on my web site.
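The GRE-tunnel approach described in the answer above, sketched as a branch-side IOS configuration. This is an added example, not part of the original posts or the white paper mentioned there. All addresses, the interface name `Dialer1`, the EIGRP AS number and the pre-shared key placeholder are constructed assumptions, and the far-end router needs the mirror-image configuration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   local LAN 10.1.1.0/24, remote LAN 10.2.2.0/24
!   local public 192.0.2.1, remote public 198.51.100.1
!   second local router (backup path) at 10.1.1.254
!
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 mode transport
!
! Encrypt only the GRE packets exchanged by the two tunnel endpoints
access-list 110 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-TS
 match address 110
!
! GRE tunnel carried inside IPsec; the routing protocol runs over it
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source Dialer1
 tunnel destination 198.51.100.1
!
! ADSL-facing interface (name is an assumption for the 837)
interface Dialer1
 crypto map VPN
!
! EIGRP learns 10.2.2.0/24 from the far end only while the tunnel passes traffic
router eigrp 100
 network 10.1.1.0 0.0.0.255
 network 172.16.0.0 0.0.0.3
 no auto-summary
!
! Floating static route: administrative distance 200 loses to the EIGRP
! route (distance 90) and is installed only after the neighbor across
! Tunnel0 has timed out, sending traffic to the second local router
ip route 10.2.2.0 255.255.255.0 10.1.1.254 200
```

Verify the failover with `show ip eigrp neighbors` and `show ip route 10.2.2.0` before and after interrupting the ADSL path. Traffic that follows the floating static route is no longer protected by this crypto map, so the backup router must provide its own encryption if the link it brings up is untrusted.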