Multi-Location Data T1 and Integrated T1, VPN question

Posted on 2003-12-02
Last Modified: 2012-05-04
Corp HQ, location has Data T1 terminating Cisco 1700 and Integrated T1 terminatiing ADIT 6,  I have a VPN tunnel running from the Cisco 1700 to my other location, I also have it set that my in my router a last resort ip route statement to my ADIT6 so that if my primary T1 fails it will roll to my Int T1, The Primary T1 is terminated on a Cisco 1700 with a VPN to my other location. I want it so that if my primary T1 fails and the Int T1 picks up that I will still maintain my VPN tunnel. How can I do this??
Question by:jleoniak
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 79

Expert Comment

ID: 9866315
is the same public IP address block available through either the primary or alternate T1?
If yes, suggest using a loopback interface on the 1700 as the end-point (peer) for the remote site's VPN tunnel. This way, that IP will be available regardless of which path it takes.

Author Comment

ID: 9866401
Should be there provided by the same ISP, I'll check to make sure, what if there not?? then what?
LVL 79

Expert Comment

ID: 9866588
If not, then you can use two loopbacks, one with an IP from each block, and setup two VPN tunnels that will be established depending on which "peer" address is available at the time.
The VPN re-establishment time if one goes down is almost instant..maybe 30 seconds max

Author Comment

ID: 9867104
I did some research about this and some of the solutions I found mention OSPF, would I need to use this with your config
LVL 79

Accepted Solution

lrmoore earned 500 total points
ID: 9867199
No. Basically you will have two 'virtual' links. Dynamic routing does not work over VPN tunnels. The traffic defined by an access-list can only be encrypted and forwarded to the designated peer. If that peer is not available, and there is an alternate, then the encrypted packets get sent to the second peer IP address. There really is no routing decision being made, except how to get to the peer. Through primary T1, or alternate T1?

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month4 days, 3 hours left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question