Cisco Support Community
New Member

Failover between leased line and the VPN.

Hi,

I have a scenario in which I have two different sites and two different links between them. The primary link is a leased line and the secondary link is through the VPN using the internet.

I want to configure the VPN as the failover for the LL. Can anyone suggest a solution for this problem? This has to happen from both the sites.

Thanks and regards,

SH.

5 REPLIES
Gold

Re: Failover between leased line and the VPN.

What's the physical layout? How many devices at each end? Are they firewalls? Routers?

New Member

Re: Failover between leased line and the VPN.

Hi,

I have an ASA at the HO and a router at the branch. Both the sites are connected to the internet separately and have a leased line between them.

This same scenario will grow further, with many branches trying to connect to the HO using VPN. The leased line will be replaced by the MPLS.

Whenever the MPLS spoke connection fails, the respective branch has to use the VPN to reach the HO.

Regards,

SH.

New Member

Re: Failover between leased line and the VPN.

You can use a floating static route to do this job if you have only one router in your branch and just run static routes on it.

Add the following commands to your branch router.

ip route 0.0.0.0 0.0.0.0 a.b.c.d

ip route 0.0.0.0 0.0.0.0 e.f.g.h 200

a.b.c.d is your LL connection next hop,

e.f.g.h is your internet connection next hop.

200 is the administrative distance.

New Member

Re: Failover between leased line and the VPN.

Hi Jerry,

The problem is that routed traffic uses the routes and the VPN uses the ACL. I am not sure how to give more priority to routed traffic and less priority to the VPN traffic.

Regards,

SH.

New Member

Re: Failover between leased line and the VPN.

All the traffic has to go through the routing table and then be forwarded outside, whether it is VPN traffic or not.

With my suggestion, all the traffic will primarily take the first default static route (through your LL) to go outside under normal conditions. If your LL goes down, all the traffic will take the second static route (VPN connection) to go outside, because the second static default route has a lower priority than the first one.

Hopefully it can help you.
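
The following is an added example, not code from any poster in this thread: a small Python model of the forwarding order described in the last reply, where the route lookup picks the egress interface first and the crypto ACL is only consulted if that interface carries the crypto map. The interface names, subnets and the rule that a route is withdrawn only when its interface is down are assumptions made for the illustration; `a.b.c.d` and `e.f.g.h` are the placeholders from the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:
    prefix: str        # destination network
    next_hop: str      # placeholder next hop, as written in the thread
    interface: str     # egress interface (hypothetical name)
    distance: int = 1  # administrative distance; a plain static route is 1

# Constructed sample data for the branch router.
ROUTES = [
    StaticRoute("0.0.0.0/0", "a.b.c.d", "Serial0"),       # leased line, primary
    StaticRoute("0.0.0.0/0", "e.f.g.h", "Dialer0", 200),  # internet, floating
]
CRYPTO_MAP_INTERFACE = "Dialer0"                # crypto map sits on the internet side
CRYPTO_ACL = [("10.2.0.0/24", "10.1.0.0/24")]   # branch LAN -> HO LAN (assumed)

def best_route(dst, up_interfaces):
    """Longest prefix first, then lowest administrative distance.
    Routes whose egress interface is down are not candidates."""
    ip = ipaddress.ip_address(dst)
    candidates = [r for r in ROUTES
                  if r.interface in up_interfaces
                  and ip in ipaddress.ip_network(r.prefix)]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.distance))

def matches_crypto_acl(src, dst):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(a) and d in ipaddress.ip_network(b)
               for a, b in CRYPTO_ACL)

def forward(src, dst, up_interfaces):
    """Return (action, egress interface) for one packet."""
    route = best_route(dst, up_interfaces)
    if route is None:
        return ("drop", None)
    # The crypto ACL is evaluated only after routing has chosen the interface.
    if route.interface == CRYPTO_MAP_INTERFACE and matches_crypto_acl(src, dst):
        return ("encrypt", route.interface)
    return ("clear", route.interface)

if __name__ == "__main__":
    for up in ({"Serial0", "Dialer0"}, {"Dialer0"}):
        print(sorted(up), forward("10.2.0.10", "10.1.0.5", up))
```

With both links up, branch-to-HO traffic leaves unencrypted on the leased line even though it matches the crypto ACL; once the leased-line interface is down, the distance-200 route takes over and the same traffic is encrypted on the internet interface.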
