Multi-Location Data T1 and Integrated T1, VPN question

Posted on 2003-12-02
Last Modified: 2012-05-04
Corp HQ, location has Data T1 terminating Cisco 1700 and Integrated T1 terminatiing ADIT 6,  I have a VPN tunnel running from the Cisco 1700 to my other location, I also have it set that my in my router a last resort ip route statement to my ADIT6 so that if my primary T1 fails it will roll to my Int T1, The Primary T1 is terminated on a Cisco 1700 with a VPN to my other location. I want it so that if my primary T1 fails and the Int T1 picks up that I will still maintain my VPN tunnel. How can I do this??
Question by:jleoniak
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 79

Expert Comment

ID: 9866315
is the same public IP address block available through either the primary or alternate T1?
If yes, suggest using a loopback interface on the 1700 as the end-point (peer) for the remote site's VPN tunnel. This way, that IP will be available regardless of which path it takes.

Author Comment

ID: 9866401
Should be there provided by the same ISP, I'll check to make sure, what if there not?? then what?
LVL 79

Expert Comment

ID: 9866588
If not, then you can use two loopbacks, one with an IP from each block, and setup two VPN tunnels that will be established depending on which "peer" address is available at the time.
The VPN re-establishment time if one goes down is almost instant..maybe 30 seconds max

Author Comment

ID: 9867104
I did some research about this and some of the solutions I found mention OSPF, would I need to use this with your config
LVL 79

Accepted Solution

lrmoore earned 500 total points
ID: 9867199
No. Basically you will have two 'virtual' links. Dynamic routing does not work over VPN tunnels. The traffic defined by an access-list can only be encrypted and forwarded to the designated peer. If that peer is not available, and there is an alternate, then the encrypted packets get sent to the second peer IP address. There really is no routing decision being made, except how to get to the peer. Through primary T1, or alternate T1?

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port 808 is being blocked 9 171
HPE Procurve/Aruba BGP Prepend Route-Map experience? 2 77
Can VBS count the number of items in an array 8 93
Failover for DMVPN 3 59
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question