Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Dial Backup for VPN


I need to implement a backup mechanism for an ipsec VPN. This is for a small soho so I think in buying a 837 adsl router, so when adsl goes down, the alternative path should become avaiable. The backup possibilities are: using an analog modem attached to the console port or redirecting traffic to another local router (from another vendor, when it receives traffic to the other network it will establish a link).

I need some suggestions about the best way/hardware/config tip for accomplishing this.

Thanks in advance,



Re: Dial Backup for VPN

The challenge with a VPN tunnel is to detect when it is down so that an alternate route can be selected. An ADSL interface almost never goes down, so classical dial backup approaches such as backup interface won't work. You must use an approach which tracks availability of the other side based on a routing protocol or "outside information." Cisco does not support the latter (but look at Nexland Pro800 Turbo or Symantec 200R for an example of how ping can be used to do the job).

Using Cisco kit, your only choice is running a routing protocol, which requires a router at each end of the VPN. You can use BGP directly over the VPN, or any interior routing protocol (EIGRP, OSPF, RIP, etc) over a GRE tunnel. Last time I looked, only the GRE tunnel approach is documented here on CCO, but there is a white paper with an example of each approach on my web site.

Good luck and have fun!

Vincent C Jones