Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problem with VPN over DSL as a backup on a 2811

I have a 2811 in a remote office that has a T-1 as the primary circuit and DSL as the backup (WIC1-ADSL card) that has a VPN tunnel back to our NOC. The config works fine if the T-1 goes down and stays down, but if the T-1 bounces and comes back up in less than 30 seconds it creates a problem. The problem is is that the VPN tunnel stays up after the T-1 comes back up. Has anybody else had the same problem?

Is there a config setting that can be added to the router to force it to use the VPN tunnel for a set length of time after the T-1 comes back up?


Re: Problem with VPN over DSL as a backup on a 2811

This sound like the old ISDN dial on demand problems.

How are you getting the traffic to fail over to the vpn tunnel.

Unless you are paying by the byte for your ADSL connection I cannot see why you do not want this up all the time. You can just run a routing protocol over both connection and adjust the metrics to use the proper conenction.

This type of error in dial backup was caused many times by routing protocol coming up over the dialup that then prefered that path and did not ever go back if the dialup circuit was being controlled by intersting traffic rather than some other form of backup interface.

New Member

Re: Problem with VPN over DSL as a backup on a 2811

We had a similiar problem the other day. It is a different configuration with same problem. We have a 2811 with a T1 connection. We have a 1801 establishing a LAN to LAN tunnel back to our VPN concentrator at the Central Office. The 1801 connects to the 2811 via ethernet. The 2811 gets its default route from the Core Router. We have a static weighted default route (metric of 250) So if the T1 drops, all traffic is sent to the 1801 and across the tunnel. We are going to setup our network monitoring software to ping a loopback interface on the 1801 to ensure that the vpn tunnel stays up.

When the circuit was bouncing frequently, we shut the serial interface and forced the traffic across the VPN tunnel until the carrier had corrected the problem.

Hope this helps.