Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Multi-Location Data T1 and Integrated T1, VPN question

Posted on 2003-12-02
7
Medium Priority
?
364 Views
Last Modified: 2012-05-04
Corp HQ, location has Data T1 terminating Cisco 1700 and Integrated T1 terminatiing ADIT 6,  I have a VPN tunnel running from the Cisco 1700 to my other location, I also have it set that my in my router a last resort ip route statement to my ADIT6 so that if my primary T1 fails it will roll to my Int T1, The Primary T1 is terminated on a Cisco 1700 with a VPN to my other location. I want it so that if my primary T1 fails and the Int T1 picks up that I will still maintain my VPN tunnel. How can I do this??
0
Comment
Question by:jleoniak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 9866315
is the same public IP address block available through either the primary or alternate T1?
If yes, suggest using a loopback interface on the 1700 as the end-point (peer) for the remote site's VPN tunnel. This way, that IP will be available regardless of which path it takes.
0
 

Author Comment

by:jleoniak
ID: 9866401
Should be there provided by the same ISP, I'll check to make sure, what if there not?? then what?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9866588
If not, then you can use two loopbacks, one with an IP from each block, and setup two VPN tunnels that will be established depending on which "peer" address is available at the time.
The VPN re-establishment time if one goes down is almost instant..maybe 30 seconds max
0
 

Author Comment

by:jleoniak
ID: 9867104
I did some research about this and some of the solutions I found mention OSPF, would I need to use this with your config
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 9867199
No. Basically you will have two 'virtual' links. Dynamic routing does not work over VPN tunnels. The traffic defined by an access-list can only be encrypted and forwarded to the designated peer. If that peer is not available, and there is an alternate, then the encrypted packets get sent to the second peer IP address. There really is no routing decision being made, except how to get to the peer. Through primary T1, or alternate T1?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question