We have a site with a cisco 2621. A serial interface connected to the brach office (cisco 7500) with a dedicated line. A fastethernet interface connected to an ADSL Internet access. And another fastethernet interface connected to the lan.
At the branch office we have a VPN Concentrator 3000.
We need a solution using VPN tunnel between the VPN Concentrator and the small office when the leased line fails.
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Backup via VPN is possible, but non-trivial. You can think of the VPN as an alternate, higher-cost link or as a dial-on-demand link (in the end, they both are equivalent). You need a mechanism to detect that the serial link is down and a mechanism to reroute traffic via the VPN. The details will depend upon exactly what your network looks like and what kinds of traffic you need to support.
Some items to watch out for include: VPN setup, MTU reduction when the VPN is in use, routing protocol requirements for "neighbors," ensuring that both ends detect the need to alternate route, and acceptable use restrictions on the DSL line. Easiest (but not necessarily best) is to run a GRE tunnel across the VPN and run a routing protocol across both links, treating the GRE over VPN as just another dedictated, albeit high cost, link.
Your solution would be to establish a site-to-site vpn between you local-remote sites. Then setup floating static routes on your two routers that point to your respective networks that would kick in event the primary routes fail. I have used this as a backup for T-1 and ATMs connections.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :