I have a 7206 router with an ISA VPN card in it. I want to use a static route to point traffic at a particular VPN.
The interface that all of the VPNs terminate on is fa0/0; it has the outside IP that the remote PIX501s negotiate ISAKMP etc. with.
I'm trying to troubleshoot an issue, but would like to clarify one thing before I move on.
If I just point the static route at the interface, will the router pick the correct VPN to put the traffic onto? How does it know? Does it go through all the IPSEC SAs and determine which one to put the traffic into?
The route pointing to the interface works only when the interface has a /30 mask: then the interface has one IP, which leaves only one IP free for the gateway, as the network supports only 2 hosts.
If you have a route to another interface that is not fa0/0 with a lower cost, it will go there first; if it's down, it will go through fa0/0, and if you have a properly configured crypto ACL it will encrypt it and send it. The problem with this is when one side "thinks" the interface is down and the other side thinks it's up, so you will need some routing protocol on it or manual changing when the link goes down.
I have rewritten my original post to make it a bit more clear, and created a graphic:
I have a situation where I need to implement a backup solution over an internet VPN. The site has a T1 coming into a 7206 on my internal LAN (Router 1). Please see the attached graphic. When this T1 fails, the remote site router sends its traffic to a PIX501 to initiate a VPN over the internet to a different 7206 on my internal network (Router 2). The 7206 that the VPN terminates on has the VPN ISA card and uses a dynamic crypto map to act as a concentration point for many other VPNs.
The internal network runs EIGRP as well as my remote router.
I believe I have this solution set up correctly, but am not 100% certain and would like some reassurance. On the remote site router, when the primary T1 fails, the EIGRP routes will fall out, and a floating static default will kick in:
ip route 0.0.0.0 0.0.0.0 10.250.38.2 250
Causing all traffic to be sent to the PIX and across the VPN tunnel (PIX is configured to encrypt any traffic it sees).
On Router 2 on my internal network, I have put in a floating static saying:
ip route 10.250.38.0 255.255.255.0 fa0/0 250
To get to this subnet, send it out fa0/0. Fa0/0 is the external interface where all the crypto SAs etc. are done. So, when the T1 into Router 1 goes down, EIGRP will flush out the routes to 10.250.38.0, and Router 2 will put in and redistribute the above route to my internal network.
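
As an added illustration (not part of the original post, and not Cisco's implementation), this Python model walks through the two decisions the thread asks about: the route lookup, where the distance-250 static only wins once the EIGRP route is gone, and the match of the packet against each IPsec SA's selectors on the egress interface, which is what ties the traffic to one tunnel. The peer addresses, the 10.250.37.0/24 site, the `to-router1` interface name and the selector layout are assumptions.

```python
import ipaddress as ip

# Constructed sample data: only 10.250.38.0/24, fa0/0 and distance 250 come from the post.
EIGRP_AD = 90  # default administrative distance of internal EIGRP routes

def best_route(rib, dst):
    """Longest-prefix match first, then lowest administrative distance.
    (A real RIB installs only the winner; keeping both and comparing is equivalent.)"""
    dst = ip.ip_address(dst)
    hits = [r for r in rib if dst in ip.ip_network(r["prefix"])]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ip.ip_network(r["prefix"]).prefixlen, r["ad"]))

def select_sa(sas, egress, src, dst):
    """Return the peer whose SA selectors (proxy identities) cover the packet."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for sa in sas:
        if (sa["intf"] == egress
                and src in ip.ip_network(sa["local"])
                and dst in ip.ip_network(sa["remote"])):
            return sa["peer"]
    return None  # no SA on this interface has selectors covering the packet

def forward(rib, sas, src, dst):
    """Routing decides the egress interface; the crypto check then picks the tunnel."""
    route = best_route(rib, dst)
    if route is None:
        return ("drop", None)
    return (route["via"], select_sa(sas, route["via"], src, dst))

FLOATING = {"prefix": "10.250.38.0/24", "ad": 250, "via": "fa0/0"}
EIGRP = {"prefix": "10.250.38.0/24", "ad": EIGRP_AD, "via": "to-router1"}
SAS = [  # hypothetical SAs negotiated by two remote PIXes (documentation addresses)
    {"intf": "fa0/0", "peer": "203.0.113.10", "local": "0.0.0.0/0", "remote": "10.250.37.0/24"},
    {"intf": "fa0/0", "peer": "203.0.113.20", "local": "0.0.0.0/0", "remote": "10.250.38.0/24"},
]

if __name__ == "__main__":
    print("T1 up:  ", forward([EIGRP, FLOATING], SAS, "10.1.1.5", "10.250.38.9"))
    print("T1 down:", forward([FLOATING], SAS, "10.1.1.5", "10.250.38.9"))
```
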