Cisco Support Community

Bronze

Have anyone done this before??

We will have two internet access setups.

Here is the diagram:

Location A (10MB Verizon):

10MB (internet) <--> 3640Router <--> 3650Switch <--> PIX 525 <-->4507R

Location B (100MB Internet Verizon)

100MB (internet) <--> 2811Router <--> 3650Switch <--> ASA 5520 <-->6509

Between Location A and Location B is private point-to-point 100MB.

Running EIGRP internally between branches and buildings.

PIX and ASA either running RIP or OSPF.

Since we use the same ISP (Verizon), I believe we will use a private BGP number for routing.

Here is my question: if the private 100MB point-to-point link between Location A and B is down, can we use the 10MB and 100MB internet connections to connect Location A and B together, automatically kicking in during downtime and releasing after the link is up again? I assume an IPSEC tunnel will be used.

Is there any documentation for this configuration? Or can someone share the configuration or any ideas??

Thanks a lot!!!

Ken

  • WAN Routing and Switching
5 REPLIES

Re: Have anyone done this before??

For simplification, I think you can use the floating static route option. The following link has an easy-to-follow scenario:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800ef7b2.shtml#topic1

Note that the example uses a WAN link, but you can interchange the WAN link for a LAN link such as ethernet or fastethernet; the main point is the concept behind it.

Hope this helps, please rate helpful posts.

New Member

Re: Have anyone done this before??

We did it at my last assignment. We had a 3725 router sitting on a DMZ at each end with an AIM-VPN/EPII module. We did a LAN-to-LAN IPSEC tunnel with GRE to exchange OSPF routes across the tunnel. The internal interface would connect to the internal LAN.

You could put the routers on the public but you would be relying on the router security.

I think we put an OSPF cost on the interface to make sure it was only used as a backup.

The 2800 and 3800 series would work better because those cards are built in.

Here is a link for IP Tunneling Configuration examples.

Hope this helps. pls rate !

Bronze

Re: Have anyone done this before??

Thanks for your great response, at least that is doable.

I have more questions, if you don't mind.

Are you trying to say that you have a total of two additional routers in the DMZ zone? One at each main site?

For example

Location A:

100MB (internet) <-->2811 <-->3650 <-->ASA5520 (Create DMZ, and another 2811 w/AIM-VPN/EPII module reside at DMZ) <--> 6509

Location B:

10MB (internet) <-->2811 <-->3650 <-->PIX 525(Create DMZ, and another 2811 w/AIM-VPN/EPII module reside at DMZ) <--> 4507R.

Is that what you mean??

What IGP do you use (EIGRP or OSPF)? I assume you use OSPF for your internal network, because you use an OSPF cost?

What routing protocol do you use at the PIX (static, RIP or OSPF)?

Thanks

Ken

New Member

Re: Have anyone done this before??

Your examples are correct.

The IGP is OSPF

The PIX is static.

Also, bosalaza has a good idea. At my current assignment, we are using IPSEC LAN-to-LAN tunnels as the backup connection for the remote locations.

We have the primary T1 2811 router connected to a 1801 router via directly connected ethernet. The 1801 has a built-in ADSL modem. The 1801 connects to the PIX via an IPSEC tunnel.

We have a floating static route in the 2811

ip route 0.0.0.0 0.0.0.0 10.86.0.0 255.255.255.0 250

The 1801 is not running an IGP. We have static routes and access-lists everywhere since this is sitting on the public domain. Then the core router has floating static for the remote locations.

Hope this helps and makes sense. I haven't finished my coffee yet.
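The GRE-over-IPsec backup design described in this thread, sketched for one site's DMZ router as an added example (not configuration posted by anyone in the thread). Interface names, the documentation-range addresses, the OSPF cost value, the ACL and map names, and the key placeholder are all assumptions, and the router is assumed to reach its peer without NAT in between.

```cisco
! Constructed example: all names, addresses and the key are placeholders.
! Local outside address 192.0.2.1, remote peer 198.51.100.1.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
crypto ipsec transform-set BACKUP-TS esp-aes 256 esp-sha-hmac
 mode transport
!
! Crypto ACL: protect only the GRE packets between the two tunnel endpoints.
ip access-list extended GRE-TO-PEER
 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto map BACKUP-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set BACKUP-TS
 match address GRE-TO-PEER
!
! Outside filter: only IKE and ESP from the known peer are accepted.
! Older IOS releases re-check this ACL after decryption and then also
! need the GRE line; cleartext GRE is still dropped by the crypto map.
ip access-list extended OUTSIDE-IN
 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
 permit esp host 198.51.100.1 host 192.0.2.1
 permit gre host 198.51.100.1 host 192.0.2.1
 deny ip any any log
!
interface FastEthernet0/0
 description Outside, Internet-facing
 ip address 192.0.2.1 255.255.255.0
 ip access-group OUTSIDE-IN in
 crypto map BACKUP-MAP
!
interface FastEthernet0/1
 description Inside, toward the internal LAN
 ip address 10.10.0.2 255.255.255.0
!
! High OSPF cost keeps the tunnel as a backup path while the private link is up.
interface Tunnel0
 description Backup path to remote site, GRE over IPsec
 ip address 10.255.255.1 255.255.255.252
 ip ospf cost 1000
 tunnel source FastEthernet0/0
 tunnel destination 198.51.100.1
!
router ospf 1
 network 10.10.0.0 0.0.0.255 area 0
 network 10.255.255.0 0.0.0.3 area 0
```

The remote router mirrors this with the addresses swapped. `show crypto ipsec sa` and `show ip ospf neighbor` confirm that the tunnel is encrypting and that the adjacency forms across it.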
