Was wondering if anyone has any suggestions for a configuration I am trying to get going.
What I have is a Colo Data Center that is connected back to multiple sites via MPLS. Internet access is through the Colo for all sites. In case of a failure of the MPLS I am trying to get an automated VPN to come up that would connect from an Adtran router with a Verizon Wireless Card in it. I have the VPN up and that works. It is the automation piece that I am trying to figure out. So, currently the Pix has static routes that point everything towards the MPLS router for all of the sites. Everything else uses the MPLS router as a DGW and then the DGW for the MPLS is the Pix.
If there is a failure the VPN will come up but then there are the routes on the Pix that will just push everything back towards the MPLS. The provider is saying to put higher metric routes for the statics back to the MPLS but higher than what? When the VPN comes up there aren't really any routes there to push the traffic across the VPN.
The thought I had was that since the managed MPLS router at the colo is a Cisco router to have the provider redistribute the BGP routes back out to EIGRP which the Pix could pick up. In the case of a failure once EIGRP was updated there would be no route towards the MPLS and everything would just route out the DGW which would be the Pix.
Anyone done anything like this before that might have some ideas?
Thanks for responding. The static routes point back into an MPLS net. There is one of the MPLS sites that we want to install a router (Adtran) with a Verizon EVDO card installed that will be for a backup link. So, if the MPLS goes down then the backup router link will come up and make a VPN connection to the firewall.
Here is a quick diagram I threw together. Hopefully, this doesn't confuse things more:
Right now we are specifically looking at doing the backup for Site A. It might extend to other sites at a later date but Site A has had some issues with the MPLS connection going down. So for now we are specifically looking to protect against a failure of the link to the MPLS at Site A.
I can get the VPN up and running but my issue is how to handle the routing at the firewall. If I have static routes in there to point the Site A addresses towards the MPLS then when the VPN comes up in case of a failure it will still try to push the traffic towards the MPLS which will now be down.