We've got two 1800 routers connected via IPsec VPN using a tunnel interface. The router at the branch office is using a T1 on Serial0/0/0 and we'd like to connect DSL service to Fa0/1 as a backup.
Now, the problem I see is that we use static routing. The branch router has a default route pointing to the original Tunnel interface that uses the T1 line. Then it has several other static routes pointing to the serial interface itself. I tried an experiment creating floating static routes that would bounce to a second Tunnel interface or the Fa0/1 interface if the first failed; however, I don't think that works correctly. I tried shutting down the serial interface (wisely scheduling a reload for a couple of minutes later), but the second tunnel never came up.
I'm sure there is a better way of doing this and would appreciate any pointers.
Re: Adding backup route with Site-to-Site VPN Tunnel
I guess I'm still confused. That solution seems a little more complex than what I'm trying to do.
Here is what I understand:
1. Develop an SLA to monitor a connection on the primary interface.
2. Configure static default routes: The first points to the default interface and is tracking the sla. The second goes to the backup interface and has a metric so that it only becomes active should the default fail or should the tracking be interrupted.
Where I get confused is in regards to the VPN Tunnels. Here's the relevant current config of the main site-to-site router:
And the current default route on the branch router is:
ip route 0.0.0.0 0.0.0.0 TunnelA
So I know that what I will eventually need on the branch router is something like this:
ip route 0.0.0.0 0.0.0.0 TunnelA Track 1
ip route 0.0.0.0 0.0.0.0 TunnelB 10
My question is, in regards to using Tunnels, is there anything special I need to do aside from having two Tunnel interfaces (one utilizing the T1 interface and one utilizing the DSL FA0/1 interface) on each end (one the primary, one the secondary) and can I share the same crypto key and crypto map for the two tunnels, or do I need to create separate ones?
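The two steps listed in the post above (an SLA probe on the primary path, then a tracked default route with a floating backup), written out as an added example that is not part of the original thread. Tunnel0, Tunnel1, the 192.0.2.1 probe target and the SLA/track numbers are assumptions. The syntax is that of IOS releases that use `ip sla` and `track ... ip sla`; older releases spell these `ip sla monitor` and `track ... rtr`.

```cisco
! Added example. Assumed names and values:
!   Tunnel0   = primary tunnel sourced from the T1 (Serial0/0/0)
!   Tunnel1   = backup tunnel sourced from the DSL link (Fa0/1)
!   192.0.2.1 = constructed stand-in for a main-site address reached over the T1
!
! Pin the probe target to the T1 so the probe can never succeed over the DSL
! path; otherwise the track object would stay up after the T1 has failed.
ip route 192.0.2.1 255.255.255.255 Serial0/0/0
!
! Step 1: ICMP echo probe that tests the primary path every 10 seconds.
ip sla 1
 icmp-echo 192.0.2.1 source-interface Serial0/0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object follows the probe's reachability. The delays damp flapping:
! wait 20 s before declaring the path down, 60 s before declaring it up again.
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! Step 2: the primary default route is installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 Tunnel0 track 1
!
! Floating static: administrative distance 10 loses to the primary route
! (distance 1) and is installed only when the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 Tunnel1 10
```

`show track 1` and `show ip route 0.0.0.0` show which default route is currently installed and why.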