Cisco Support Community
Community Member

failover setup?


I have two campus networks connected via a microwave WAN link. Each campus has its own ISP connection provided by the same provider. I also have a PIX 515 at each campus. In case my microwave link goes down, for whatever reason, is there a way to set up a PIX-to-PIX connection via the ISP to continue to allow access to the services from each campus? Would a VPN tunnel help me here? As of right now I only use VPN tunneling for administrative needs.

Hope this makes sense. Thanks



Re: failover setup?

it depends on the current settings.

is there an internal router on each site, which acts as a default gateway? if so, you may use the router to verify whether the microwave link is active, and otherwise re-route all the traffic to the pix.

you can configure the pix with lan-lan vpn as usual. as soon as the internal router starts re-routing traffic to the pix, the pix will initiate the vpn tunnel to the other site.

in case there is no internal router, and the routing decision is made by the pix, it then depends on how the microwave fails. for example, if the pix interface (the one connected to microwave) goes down, then you can apply 2 static routes with different metrics in order to force the microwave link to be the primary. as soon as the microwave-connected interface goes down, the pix will re-route all traffic via the other link.

however, for some wan technologies, the pix interface will never go down, yet the traffic gets lost within the isp network. in this case, you can't rely on the pix to make the routing decision, as the pix doesn't support that kind of "polling" feature to verify the path from the local net to the remote net. i guess the workaround is to install a router then.
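
The following is an added example, not part of the reply above or of any poster's configuration: a sketch of the campus A side of the approach described in the reply, with two static routes of different metrics plus a LAN-to-LAN IPsec tunnel over the ISP. It assumes PIX 6.x command syntax; the interface name `microwave`, the ACL, crypto map and transform-set names, and every address are constructed placeholders, and campus B would mirror it.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   campus A LAN 10.1.0.0/16, campus B LAN 10.2.0.0/16
!   microwave link next hop 10.255.0.2
!   campus A ISP gateway 203.0.113.1, campus B PIX outside 198.51.100.2

! Third interface facing the microwave link
nameif ethernet2 microwave security50

! Primary path: remote campus via the microwave interface (metric 1)
route microwave 10.2.0.0 255.255.0.0 10.255.0.2 1
! Backup path: same destination via the ISP (metric 2); per the reply,
! this only takes over when the microwave-facing interface goes down
route outside 10.2.0.0 255.255.0.0 203.0.113.1 2

! Traffic between the two campuses is what the tunnel protects
access-list CAMPUS_A_TO_B permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
! Do not NAT campus-to-campus traffic
nat (inside) 0 access-list CAMPUS_A_TO_B

! Let decrypted IPsec traffic in without extra conduit/ACL entries
sysopt connection permit-ipsec

! Phase 2: encrypt and authenticate the tunnel payload
crypto ipsec transform-set CAMPUS_SET esp-3des esp-sha-hmac
crypto map CAMPUS_MAP 10 ipsec-isakmp
crypto map CAMPUS_MAP 10 match address CAMPUS_A_TO_B
crypto map CAMPUS_MAP 10 set peer 198.51.100.2
crypto map CAMPUS_MAP 10 set transform-set CAMPUS_SET
crypto map CAMPUS_MAP interface outside

! Phase 1: IKE with a pre-shared key restricted to the single peer
isakmp enable outside
isakmp key <pre-shared-key> address 198.51.100.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

Because the crypto ACL matches only campus-to-campus traffic on the outside interface, the tunnel is negotiated only once traffic for 10.2.0.0/16 is actually routed toward the ISP, so inter-campus traffic is never sent across the provider network unencrypted.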
