Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

isdn backup for vpn-connection

is there a solution to back up a vpn connection with an isdn dialup connection. it often happens that the vpn-connection to some branches fail. as the link to the internet remains up a normal backup-dialer doesn't work. i would need a possibility to check the reachability of a certain ip-address and if neccessary bring up the isdn-connection.



Community Member

Re: isdn backup for vpn-connection

You might check the dialer-watch command in IOS.

Whith Dialer-watch lists you can examine remote subnets and let them trigger a dialup interface ( You should however run Eigrp or OSPF )


Community Member

Re: isdn backup for vpn-connection

What you may wish to do is to establish a GRE tunnel between your two end-points. You can then monitor the remote end of the tunnel. (if you lose connectivity anywhere in between your tunnel will go down).

Now you have the option of either sending a default route down the tunnel or a weighted static route out your BRI (I'm assuming your BRI is on the same box)

Now what you have to worry about is, at your main store does it know which path to use to get back to the branch if your ISDN terminates in a seperate box than your GRE. In this case you would be better off using a routing protocol over static routes.

Here is a link that will help:




Community Member

Re: isdn backup for vpn-connection

Is it possible to terminate a GRE connection on a Pix Firewall ?

If you have a setup with a Pix Firewall which is holding the IPSEC tunnel to the HQ and you have an extra ISDN backup router in the same LAN? Which possibilities for backup you have with this szenario ?

Thanks 4 help


Re: isdn backup for vpn-connection

There are multiple solutions to this challenge, depending upon whether the IPSec endpoints and the routing endpoints coincide. There are two example configurations in the Redundant VPN whitepaper on my web site ( One uses generic tunnels and OSPF with the routers doing both routing and IPSecing, just replace one of the VPN links with an OSPF demand ISDN link or use dialer watch. The other uses BGP between routers over an IPSec between firewalls (not to be confused with BGP with an ISP for multihoming). Using BGP directly over IPSec eliminates the need for a GRE tunnel (and the consequent reduction in MTU).

Good luck and have fun!

Vincent C Jones

CreatePlease to create content