My question is this. How do I set up a VPN as a backup to the T1 circuit so that when the T1 goes down, all traffic, including internet access, is sent to the main office PIX? Also, after the T1 comes back up, how do I get the computers to send data back over the T1 circuit and not the VPN?
The main office has a 3600 router and a PIX firewall. The main office has a T1 connection to the internet. I also have a T1 point-to-point circuit to a remote office. The remote site has their own DNS server and everything works great. They go through the main office to access the internet and that also works great. I need to duplicate this through the VPN.
I have installed a PIX 515 at the remote office and set up a VPN connection to the main office PIX. The remote office has a Cisco 2611 router with dual Ethernet ports. Both the main office router and the remote office router use static routes. On the remote office router I put two static routes: one for all traffic to go across the T1, and another route with a weight of 250 that routes all data to the PIX (VPN) when the T1 line goes down. That part works great except that I am unable to access the internet. I think one reason is that the remote office VPN is set with an access list that says any information destined for the main office subnet needs to go through the VPN. Since the local DNS server at the remote site has already resolved the name for the internet site, say Yahoo.com, the PIX drops the packet because it does not know what to do with it, since it does not meet the criteria for the access list to route it through the VPN.
My question is this. How do I set up a VPN as a backup to the T1 circuit so that when the T1 goes down, all traffic, including internet access, is sent to the main office PIX? Also, after the T1 comes back up, how do I get the computers to send data back over the T1 circuit?