Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Dial Backup VPN Tunnel?

Hi all,

I would like to do dial backup. My problem is I have a Primary VPN connection using ADSL and want to create a secondary VPN connection with a US Robotics modem hanging off my AUX port as the backup connection. What I need is when the tunnel goes down on the Primary VPN, I need it to initiate dial backup on the AUX port, create a Secondary VPN tunnel and Terminate to the same VPN head end that the primary tunnel was terminated to.

Can this be done?



Re: Dial Backup VPN Tunnel?

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center ( or speak with a TAC engineer. You can open a TAC case online at

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

New Member

Re: Dial Backup VPN Tunnel?

You may be able to do this. What you will want to do is make a loopback interface on this router and use the crypto map (mapname) local address command and specify the loopback and be sure that you give this interface a public ip. Then make the other peer point to this loopback for its peer. Next have two static routes for the peer that you are connecting to. One with an administrative distance of say 1 and the other of 2. The one with the administrative distance of two should point out the other interface for the dsl connection. By configuring it this way you avoid having to have the tunnel rebuilt. You are simply just rerouting traffic.


Re: Dial Backup VPN Tunnel?

It is not an easy task, but the good news is, it is doable.

Unfortunately, there is no sample configuration on this, because it involves a lot of other different technologies

One way to achieve that, is to enable GRE/IPSEC tunnels on the primary connection and run some routing protocol. Also enable floating static routes for the remote subnets with some higher admin distance. Routing protocol would keep track of the remote subnets. One the primary connection fails, then your routing would break too. Your static route would get installed in the routing table with the next hop being your other end of the modem connection

New Member

Re: Dial Backup VPN Tunnel?

I have already done the EIGRP inside of GRE inside of IPSec and dial backup and it works. The problem is I have DHCP and PPPoE IP address assignements from many ISP's so how can I use the GRE without a static IP address?

ANY advice would help.



Re: Dial Backup VPN Tunnel?

I guess this is doable by configuring your GRE tunnel being the ip address of your private interface

and tunnel dest. being the private address of the remote side, similar to the one here:

Then encrypt the gre packets sourced from ur private destined to remote private

CreatePlease to create content