I have two ISPs, two blocks of public addresses, and one router. The router has 2 WAN 10MB Ethernet cards. ISP-A's router uses RIP so it determines the default route, which I want b/c ISP-A has much greater bandwidth. I also have a static default route w/ a higher cost in case ISP-A goes down.
How can I configure the router so that when ISP-A goes down, traffic automatically fails over to ISP-B? Keep in mind ISP-A provides a 10MB Ethernet connection to all of our branch offices and ISP-B is a 1.5 SDSL line that I want to set up VPN if ISP-A goes down.
For this router you should just need to apply the same crypto map to ISP-B's interface. If the routing table within this router suddenly sends all traffic out the other interface then if the crypto map is applied to it then the traffic will be encrypted.
You might want to configure a loopback interface on this router with a public IP address and set all other routers up to peer to this address. On this router, use the command:
> crypto map local-address loopback0
to source all the crypto packets from this address rather than the actual interface address (which will cause problems when the interfaces switch over).
Alternatively, on all the peer routers specify the ISP-B interface address as a backup in the crypto map as follows:
> crypto map 10 ipsec-isakmp
> set trans ESP-3DES
> match address
> set peer
> set peer
ISP-B will only be used if ISP-A is unavailable, which would be if the ISP-A interface went down.
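
The two options from the reply above, written out as configuration. This is an added example, not part of the original reply: the map name VPNMAP, ACL 110, the transform-set definition, and every address (documentation ranges) are placeholders, and the ISAKMP policy and keys are assumed to be configured already.

```cisco
! ===== Option 1: dual-ISP router sources IPsec from a loopback =====
! Assumption: 203.0.113.1 is a public address reachable through both ISPs.
interface Loopback0
 ip address 203.0.113.1 255.255.255.255
!
! Transform-set name taken from the thread; the definition is assumed.
crypto ipsec transform-set ESP-3DES esp-3des esp-sha-hmac
!
! Constructed ACL: local LAN to branch LAN is the traffic to protect.
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! Peers see Loopback0 as the tunnel endpoint, whichever WAN link is up.
crypto map VPNMAP local-address Loopback0
crypto map VPNMAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set ESP-3DES
 match address 110
!
! Same crypto map on both WAN interfaces, so traffic is encrypted
! whichever one the routing table selects.
interface Ethernet0
 description ISP-A
 crypto map VPNMAP
!
interface Ethernet1
 description ISP-B
 crypto map VPNMAP
!
! ===== Option 2: on each peer router, list both addresses instead =====
! Used when the dual-ISP router has no local-address loopback.
! Peers are tried in the order listed: ISP-A address first, ISP-B as backup.
access-list 110 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set peer 198.51.100.1
 set transform-set ESP-3DES
 match address 110
```

With Option 1 each peer router needs only a single `set peer 203.0.113.1`, and the ACLs on the two ends must mirror each other for the security associations to come up.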
Thanks for the quick response. I think what we really want to do is even simpler than we originally thought. The ISP-A interface E0 will connect to other branch offices via the ISP's 10MB Ethernet network. In other words, the IP addresses would be something like 192.168.10.10, 192.168.10.11, etc. On the ISP-B interface E1, it's connected to Sprint 1.5MB SDSL and out to the Internet. Therefore, we need to only encrypt the packets going out that interface. I was thinking of just using the following commands:
Ip route 0.0.0.0 0.0.0.0 (dsl connection interface) 200