If leased line link fails, then VPN should come up

arulkumar80
Level 1

I am using 2811 routers in 5 locations (say siteA, siteB, siteC, siteD, siteE).

They are all connected through leased lines.

I want to know: if the leased line fails in 1 location (say in siteA), all the other locations (siteB, siteC, siteD, siteE) should communicate to that location (siteA) through VPN.

And communication between siteB to siteC, siteB to siteD, siteB to siteE, siteC to siteD, siteC to siteE, siteD to siteE should continue with the existing leased line.

Your help will be highly appreciated.

Regards

Arulkumar

2 Replies

Danilo Dy
VIP Alumni

Select an internet service provider to connect SiteA to all other sites.

Configure VPN between SiteA and all other sites. Watch the security: put an ACL on the internet-facing interface of the router to only allow connections between SiteA's internet-facing interface IP address and all other sites' internet-facing interface IP addresses.

All sites' primary routing should use the leased line as a gateway with the default Administrative Distance of 1.

All sites' backup routing should use each site's internet gateway with a higher Administrative Distance than 1 (e.g. 10).

bapatsubodh
Level 1

Hi,

It is a very standard practice to have a VPN over the internet that will kick in the moment your WAN link fails.

Firstly, as posted in the earlier text, you need an internet connection to all locations. Once you have set up internet connections you can set up site-to-site VPN between locations and then add a route to the corresponding subnet with a higher administrative distance than your current routing protocol.

The second way is to form GRE tunnels between locations over the internet connections and encrypt the data before sending it through the GRE tunnel. The beauty of GRE is that you can run the routing protocol on the GRE interfaces, run the routing protocol in your network, adjust the bandwidth of the links, and you are good to go. I can broadly imagine the scenario: all locations will have your existing router with leased line connectivity. You will need another router at each location to terminate the internet link, with the Advanced Security IOS to support IPsec. On the routers with the leased line, say subnet_A points to serial 0/0, you need to add another line as subnet_A points to Eth0_of_Internet_router with a high admin distance. So when s0/0 is down, packets for subnet_A will be forwarded to the internet router. The internet router will forward the packets to the corresponding location either by GRE or by site-to-site VPN, whatever you have configured.

Thanks

HTH

rate if possible

Subodh
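
The ACL and floating static route described in the two replies above, as an added example that is not part of either reply or any Cisco-provided configuration. It is written for the siteB router and assumes a single router holding both the leased line (Serial0/0) and the internet link (FastEthernet0/1), with the site-to-site VPN itself already configured; all addresses are constructed documentation values and the ACL name is hypothetical.

```cisco
! Added example for the siteB router. All addresses are constructed
! (RFC 5737 / RFC 1918); ACL name and interface numbering are assumptions.
!   siteA LAN           10.1.0.0/24
!   siteA internet IP   203.0.113.1
!   siteB internet IP   198.51.100.1, ISP gateway 198.51.100.254
!
! Internet-facing ACL: accept IPsec only from siteA's public address.
ip access-list extended INTERNET-IN
 remark IKE, NAT-T and ESP from the siteA VPN peer only
 permit udp host 203.0.113.1 host 198.51.100.1 eq isakmp
 permit udp host 203.0.113.1 host 198.51.100.1 eq non500-isakmp
 permit esp host 203.0.113.1 host 198.51.100.1
 remark Drop and log everything else arriving from the internet
 deny   ip any any log
!
interface FastEthernet0/1
 description Internet link (backup path to siteA)
 ip address 198.51.100.1 255.255.255.0
 ip access-group INTERNET-IN in
!
! Primary route to siteA over the leased line (default AD 1).
ip route 10.1.0.0 255.255.255.0 Serial0/0
! Floating static route: AD 10, installed only when the primary is withdrawn.
ip route 10.1.0.0 255.255.255.0 198.51.100.254 10
!
! Checks after failing the leased line:
!   show ip route 10.1.0.0        -> next hop 198.51.100.254, shown as [10/0]
!   show access-lists INTERNET-IN -> hit counts on the permit and deny lines
```

A static route through Serial0/0 is withdrawn only when that interface goes down, so a failure further along the path that leaves the local interface up will not trigger the floating route.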
