Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Multi-Location Data T1 and Integrated T1, VPN question

Posted on 2003-12-02
7
Medium Priority
?
369 Views
Last Modified: 2012-05-04
Corp HQ, location has Data T1 terminating Cisco 1700 and Integrated T1 terminatiing ADIT 6,  I have a VPN tunnel running from the Cisco 1700 to my other location, I also have it set that my in my router a last resort ip route statement to my ADIT6 so that if my primary T1 fails it will roll to my Int T1, The Primary T1 is terminated on a Cisco 1700 with a VPN to my other location. I want it so that if my primary T1 fails and the Int T1 picks up that I will still maintain my VPN tunnel. How can I do this??
0
Comment
Question by:jleoniak
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 9866315
is the same public IP address block available through either the primary or alternate T1?
If yes, suggest using a loopback interface on the 1700 as the end-point (peer) for the remote site's VPN tunnel. This way, that IP will be available regardless of which path it takes.
0
 

Author Comment

by:jleoniak
ID: 9866401
Should be there provided by the same ISP, I'll check to make sure, what if there not?? then what?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9866588
If not, then you can use two loopbacks, one with an IP from each block, and setup two VPN tunnels that will be established depending on which "peer" address is available at the time.
The VPN re-establishment time if one goes down is almost instant..maybe 30 seconds max
0
 

Author Comment

by:jleoniak
ID: 9867104
I did some research about this and some of the solutions I found mention OSPF, would I need to use this with your config
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 9867199
No. Basically you will have two 'virtual' links. Dynamic routing does not work over VPN tunnels. The traffic defined by an access-list can only be encrypted and forwarded to the designated peer. If that peer is not available, and there is an alternate, then the encrypted packets get sent to the second peer IP address. There really is no routing decision being made, except how to get to the peer. Through primary T1, or alternate T1?
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question