The main issue is you want to dial only when your ADSL is down. To do that you could use Object Tracking associated to your default route pointing to your primary Dialer interface. Then you add a floating default route pointing to your secondary Dialer interface (one mapped to the aux port).
With this configuration you don't need a 2nd tunnel interface as the backup is only at the tunnel routing plan so you just re-route your tunnel to another WAN interface.
When your ADSL link is back again, your tunnel is routed back to the primary Dialer interface (thanks to object tracking) and your dial connection should drop after the idle timer expires.
The thing is your Dial connection will be always UP the time your ADSL link is down because of your IGP running inside your tunnel which generate hello packets every x seconds
This link will help you to configure Object Tracking for static routes:
actually i do not have a second leased line or ISDN line at H.Q to dial into, there is only one leased line available at the H.Q, so basically once the adsl is down the aux port should connect to the same LL where the adsl was connected.
basically i'm providing redundancy at the spoke level only.
You don't need 2nd access at the HQ as your lease line is connected to Internet right ? So from your remote site which is also connected to Internet, it doesn't matter which link you are using as your tunnel destination address doesn't change and is the public address configured on your HQ leased line.
But I must admit now I'm thinking about it there is an issue with my solution because when your ADSL is down, you don't have any tunnel source address available because you lost the public IP address associated to your primary dialer interface.
In this case it's becoming more complex because you need another tunnel which use your secondary dialer interface as tunnel source address but you can't run an IGP inside otherwise your PSTN line will always be connected even when the ADSL is UP.
For this tunnel, I would forgot DMVPN and use a pt-2-pt legacy IPSec tunnel with static crypto-map on the remote site and dynamic crypto-map on the HQ as I assume you don't have fix public addresses on the remote site.
It's not a big deal on the remote site because each tunnel is associated to one interface (DMVPN -> ADSL and crypto -> PSTN)
But you will have to be carrefull on the HQ as both tunnels are using the same WAN interface so need to be sure there is no confusion between both tunnels... you can use RRI feature with dynamic crypto-map to implement your routing policy at the HQ.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...