Multi-Location Data T1 and Integrated T1, VPN question

Corp HQ, location has Data T1 terminating Cisco 1700 and Integrated T1 terminatiing ADIT 6,  I have a VPN tunnel running from the Cisco 1700 to my other location, I also have it set that my in my router a last resort ip route statement to my ADIT6 so that if my primary T1 fails it will roll to my Int T1, The Primary T1 is terminated on a Cisco 1700 with a VPN to my other location. I want it so that if my primary T1 fails and the Int T1 picks up that I will still maintain my VPN tunnel. How can I do this??
jleoniakAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
is the same public IP address block available through either the primary or alternate T1?
If yes, suggest using a loopback interface on the 1700 as the end-point (peer) for the remote site's VPN tunnel. This way, that IP will be available regardless of which path it takes.
jleoniakAuthor Commented:
Should be there provided by the same ISP, I'll check to make sure, what if there not?? then what?
lrmooreCommented:
If not, then you can use two loopbacks, one with an IP from each block, and setup two VPN tunnels that will be established depending on which "peer" address is available at the time.
The VPN re-establishment time if one goes down is almost instant..maybe 30 seconds max
jleoniakAuthor Commented:
I did some research about this and some of the solutions I found mention OSPF, would I need to use this with your config
lrmooreCommented:
No. Basically you will have two 'virtual' links. Dynamic routing does not work over VPN tunnels. The traffic defined by an access-list can only be encrypted and forwarded to the designated peer. If that peer is not available, and there is an alternate, then the encrypted packets get sent to the second peer IP address. There really is no routing decision being made, except how to get to the peer. Through primary T1, or alternate T1?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.