tamlync
asked on
Cisco site-site VPN over Adsl with ISDN backup - Object tracking problem
Hi all,
I have been trying to get an ISDN circuit to dial up and connect 2x 1841
Cisco routers together if the primary adsl interface fails. (I'm pulling my hair out
and almost out of time in implementing this, so there's lots of points up for grabs if anyone can help me.)
Background:
Main site: 192.168.1.x
Remote Site: 192.168.2.x
VPN to each end over aDSL appears to work fine, no reported issues (not sure
its 100% correct, but it works).
Due to an issue with the DSL connection at the remote site, it has been
decided to introduce an ISDN circuit at each end, so if the dsl fails, then
the sites can connect via ISDN.
ISDN calls must be made from the MAIN site to the remote site.
After asking on this group the other day, it was suggested that the
backup-interface doesn't work that well, and some sort of route object
tracking was needed to perform the function correctly.
This is what i have tried to do however its not working I'm sure its only an
access list that is stopping the ISDN dialling up, but I'm not seeing my
mistake at the moment! Can you?
--------------------------
Configuration from Main site (any boring stuff edited out)
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
!
ip sla monitor 1
type echo protocol ipIcmpEcho (ADSL outside interface at remote site)
ip sla monitor schedule 1 life forever start-time now
!
isdn switch-type basic-net3
!
crypto pki trustpoint TP-self-signed-30453xxxxxx
!
!
crypto pki certificate chain TP-self-signed-30453xxxxxx
!
username admin privilege 15 secret
username backup password 7
!
!
track 123 rtr 1 reachability
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxx address (ADSL outside interface at remote site)
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer (ADSL outside interface at remote site)
set transform-set ESP-3DES-SHA
match address 100
!
!
!
interface FastEthernet0/0
ip address 192.168.1.242 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface BRI0/1/0
no ip address
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
isdn point-to-point-setup
ppp authentication chap
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname name@isp.com
ppp chap password 7
crypto map SDM_CMAP_1
!
interface Dialer2
ip address 172.16.200.2 255.255.255.0
encapsulation ppp
dialer pool 2
dialer idle-timeout 180
dialer string (remote site number)
dialer-group 2
ppp chap hostname backup
ppp chap password 7 (same as password defined above)
!
ip local policy route-map MY_Backup_Policy
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 track 123
ip route 0.0.0.0 0.0.0.0 Dialer2 100
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 105 permit icmp any host (remote site) echo
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map MY_Backup_Policy permit 10
match ip address 105
set interface Null0
set ip next-hop (outside interface of this router when connected to adsl)
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
end
--------------------------
Remote site (remember this just needs to answer the isdn calls from main
site)
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
!
isdn switch-type basic-net3
!
crypto pki trustpoint TP-self-signed-214962xxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-214962xxxx
!
!
crypto pki certificate chain TP-self-signed-214962xxxx
certificate self-signed 01
!
username admin privilege 15 xxxxxxxxxxxx
username backup password 7 xxxxxxxxxx
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxxxxx address (main site outside interface)
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer (main site outside interface)
set transform-set ESP-3DES-SHA
match address 100
!
interface FastEthernet0/0
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface BRI0/1/0
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname name@isp.com
ppp chap password 7
crypto map SDM_CMAP_1
!
interface Dialer2
ip address 172.16.200.2 255.255.255.0
encapsulation ppp
dialer pool 2
dialer-group 2
ppp chap hostname backup
ppp chap password 7 (same as password defined above)
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer2 100
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map SDM_RMAP_1 permit 1
match ip address 101
!
end
--------------------------
To show that tracking is working correctly on the MAIN unit, you can see the
following:
#sho track
Track 123
Response Time Reporter 1 reachability
Reachability is Up
1 change, last change 00:00:26
Latest operation return code: OK
Latest RTT (millisecs) 52
Tracked by:
STATIC-IP-ROUTING 0
#sho ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
80.0.0.0/32 is subnetted, 1 subnets
C (outside interface of this router) is directly connected, Dialer0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.200.0 is directly connected, Dialer2
195.166.128.0/32 is subnetted, 1 subnets <-ISP kit
C 195.166.128.123 is directly connected, Dialer0 <-ISP kit
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer0
#show ip route track-table
ip route 0.0.0.0 0.0.0.0 Dialer0 track 123 state is [up]
--------------------------
Congratulations if you have got this far, thanks for taking the time to
read and a triple thanks! if you are able to point out the errors in my way.
Thanks!
I have been trying to get an ISDN circuit to dial up and connect 2x 1841
Cisco routers together if the primary adsl interface fails. (I'm pulling my hair out
and almost out of time in implementing this, so there's lots of points up for grabs if anyone can help me.)
Background:
Main site: 192.168.1.x
Remote Site: 192.168.2.x
VPN to each end over aDSL appears to work fine, no reported issues (not sure
its 100% correct, but it works).
Due to an issue with the DSL connection at the remote site, it has been
decided to introduce an ISDN circuit at each end, so if the dsl fails, then
the sites can connect via ISDN.
ISDN calls must be made from the MAIN site to the remote site.
After asking on this group the other day, it was suggested that the
backup-interface doesn't work that well, and some sort of route object
tracking was needed to perform the function correctly.
This is what i have tried to do however its not working I'm sure its only an
access list that is stopping the ISDN dialling up, but I'm not seeing my
mistake at the moment! Can you?
--------------------------
Configuration from Main site (any boring stuff edited out)
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
!
ip sla monitor 1
type echo protocol ipIcmpEcho (ADSL outside interface at remote site)
ip sla monitor schedule 1 life forever start-time now
!
isdn switch-type basic-net3
!
crypto pki trustpoint TP-self-signed-30453xxxxxx
!
!
crypto pki certificate chain TP-self-signed-30453xxxxxx
!
username admin privilege 15 secret
username backup password 7
!
!
track 123 rtr 1 reachability
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxx address (ADSL outside interface at remote site)
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer (ADSL outside interface at remote site)
set transform-set ESP-3DES-SHA
match address 100
!
!
!
interface FastEthernet0/0
ip address 192.168.1.242 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface BRI0/1/0
no ip address
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
isdn point-to-point-setup
ppp authentication chap
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname name@isp.com
ppp chap password 7
crypto map SDM_CMAP_1
!
interface Dialer2
ip address 172.16.200.2 255.255.255.0
encapsulation ppp
dialer pool 2
dialer idle-timeout 180
dialer string (remote site number)
dialer-group 2
ppp chap hostname backup
ppp chap password 7 (same as password defined above)
!
ip local policy route-map MY_Backup_Policy
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 track 123
ip route 0.0.0.0 0.0.0.0 Dialer2 100
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 105 permit icmp any host (remote site) echo
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map MY_Backup_Policy permit 10
match ip address 105
set interface Null0
set ip next-hop (outside interface of this router when connected to adsl)
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
end
--------------------------
Remote site (remember this just needs to answer the isdn calls from main
site)
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
!
isdn switch-type basic-net3
!
crypto pki trustpoint TP-self-signed-214962xxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-214962xxxx
!
!
crypto pki certificate chain TP-self-signed-214962xxxx
certificate self-signed 01
!
username admin privilege 15 xxxxxxxxxxxx
username backup password 7 xxxxxxxxxx
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxxxxx address (main site outside interface)
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer (main site outside interface)
set transform-set ESP-3DES-SHA
match address 100
!
interface FastEthernet0/0
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface BRI0/1/0
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname name@isp.com
ppp chap password 7
crypto map SDM_CMAP_1
!
interface Dialer2
ip address 172.16.200.2 255.255.255.0
encapsulation ppp
dialer pool 2
dialer-group 2
ppp chap hostname backup
ppp chap password 7 (same as password defined above)
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer2 100
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map SDM_RMAP_1 permit 1
match ip address 101
!
end
--------------------------
To show that tracking is working correctly on the MAIN unit, you can see the
following:
#sho track
Track 123
Response Time Reporter 1 reachability
Reachability is Up
1 change, last change 00:00:26
Latest operation return code: OK
Latest RTT (millisecs) 52
Tracked by:
STATIC-IP-ROUTING 0
#sho ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
80.0.0.0/32 is subnetted, 1 subnets
C (outside interface of this router) is directly connected, Dialer0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.200.0 is directly connected, Dialer2
195.166.128.0/32 is subnetted, 1 subnets <-ISP kit
C 195.166.128.123 is directly connected, Dialer0 <-ISP kit
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer0
#show ip route track-table
ip route 0.0.0.0 0.0.0.0 Dialer0 track 123 state is [up]
--------------------------
Congratulations if you have got this far, thanks for taking the time to
read and a triple thanks! if you are able to point out the errors in my way.
Thanks!
ASKER
>Are you sure you have the correct switch type?
>Can you post result of "show isdn status"
Yes, i'm in the UK :)
#sho isdn status
Global ISDN Switchtype = basic-net3
ISDN BRI0/1/0 interface
dsl 2, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 116, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
CCB:callid=8007, sapi=0, ces=1, B-chan=1, calltype=DATA, hdlctype=HDLC-T
RUNK
Active dsl 2 CCBs = 1
The Free Channel Mask: 0x80000002
Total Allocated ISDN CCBs = 1
#
>Try using a dynamic routing protocol. Add this
Added that, now the ISDN dials up constantly, soon as it drops it re-dials up.
However don't you mean " network 172.16.200.0 "
(strangely the router cannot ping either of the 172.16.200.x address either remote or itself )
>You also have the same IP address on the dialer2 interface at remote as you do at MAIN
>interface Dialer2
Yes spotted that myself just after I posted (sorry) - Main is now .1 and remote is .2
So, in summary, the ISDN does now indeed dial up and connects (although constantly rather than when the reachability of remote network goes down).
Still - I don't believe the solution as a whole works as it should be working as there appears to be no communication over the ISDN once it is dialled up.
Thank you very very much for you answer so far.
>Can you post result of "show isdn status"
Yes, i'm in the UK :)
#sho isdn status
Global ISDN Switchtype = basic-net3
ISDN BRI0/1/0 interface
dsl 2, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 116, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
CCB:callid=8007, sapi=0, ces=1, B-chan=1, calltype=DATA, hdlctype=HDLC-T
RUNK
Active dsl 2 CCBs = 1
The Free Channel Mask: 0x80000002
Total Allocated ISDN CCBs = 1
#
>Try using a dynamic routing protocol. Add this
Added that, now the ISDN dials up constantly, soon as it drops it re-dials up.
However don't you mean " network 172.16.200.0 "
(strangely the router cannot ping either of the 172.16.200.x address either remote or itself )
>You also have the same IP address on the dialer2 interface at remote as you do at MAIN
>interface Dialer2
Yes spotted that myself just after I posted (sorry) - Main is now .1 and remote is .2
So, in summary, the ISDN does now indeed dial up and connects (although constantly rather than when the reachability of remote network goes down).
Still - I don't believe the solution as a whole works as it should be working as there appears to be no communication over the ISDN once it is dialled up.
Thank you very very much for you answer so far.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You might also combine that with the backup interface command
http://www.cisco.com/en/US/tech/tk801/tk133/technologies_configuration_example09186a0080094cb0.shtml
http://www.cisco.com/en/US/tech/tk801/tk133/technologies_configuration_example09186a0080094cb0.shtml
ASKER
>OK, that's progress.
Indeed it is, thank you.
> So, how about we deny EIGRP from triggering the dialer:
Your commands worked great the ISDN did not dial, i dropped the ATM interface and it then dialled up
Problems encountered now though :(
ATM interface comes back up - yet routing through it is impossible, the 0.0.0.0 route stays with the dialer2 (isdn dialer) and does not move back to the dialer1 (atm interface)
Still unable to route (see routing tables below when the atm interface is down at the main site, and the ISDN has dialed up)
MAIN: (appears correct to me)
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.200.0 is directly connected, Dialer2
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer2
#
REMOTE: (appears incorrect - still a dialer1 shown as default)
ateway of last resort is 0.0.0.0 to network 0.0.0.0
80.0.0.0/32 is subnetted, 1 subnets
C (outside inteface of this router) is directly connected, Dialer0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.200.0 is directly connected, Dialer2
195.166.128.0/32 is subnetted, 1 subnets
C 195.166.128.53 is directly connected, Dialer0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer0
#
>You might also combine that with the backup interface command
Indeed this is where i started, however if the atm interface stays up, yet the ISP has routing issues, the backup wouldn't kick in, meaning the communication between the sites would be down until someone physically removed the dsl interface from one of the routers, at least with reachability, anywhere on the link can fail and the ISDN can kick in and work in its place. (that's my opinion but I'm willing to learn a different way if necessary)
Thanks
Indeed it is, thank you.
> So, how about we deny EIGRP from triggering the dialer:
Your commands worked great the ISDN did not dial, i dropped the ATM interface and it then dialled up
Problems encountered now though :(
ATM interface comes back up - yet routing through it is impossible, the 0.0.0.0 route stays with the dialer2 (isdn dialer) and does not move back to the dialer1 (atm interface)
Still unable to route (see routing tables below when the atm interface is down at the main site, and the ISDN has dialed up)
MAIN: (appears correct to me)
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.200.0 is directly connected, Dialer2
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer2
#
REMOTE: (appears incorrect - still a dialer1 shown as default)
ateway of last resort is 0.0.0.0 to network 0.0.0.0
80.0.0.0/32 is subnetted, 1 subnets
C (outside inteface of this router) is directly connected, Dialer0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.200.0 is directly connected, Dialer2
195.166.128.0/32 is subnetted, 1 subnets
C 195.166.128.53 is directly connected, Dialer0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer0
#
>You might also combine that with the backup interface command
Indeed this is where i started, however if the atm interface stays up, yet the ISP has routing issues, the backup wouldn't kick in, meaning the communication between the sites would be down until someone physically removed the dsl interface from one of the routers, at least with reachability, anywhere on the link can fail and the ISDN can kick in and work in its place. (that's my opinion but I'm willing to learn a different way if necessary)
Thanks
ASKER
Hrrm.
As a thought, my original question was for getting the ISDN to dial-up, this has now been solved.
Therefore should i award points to the poster who answered and got the ISDN working and then start a fresh topic for the new issue that i have?
As a thought, my original question was for getting the ISDN to dial-up, this has now been solved.
Therefore should i award points to the poster who answered and got the ISDN working and then start a fresh topic for the new issue that i have?
That would be the best option...
I'll help as much as I can, I just had to catch a flight yesterday and spent most of the afternoon/evening waiting on a late flight.
I'll help as much as I can, I just had to catch a flight yesterday and spent most of the afternoon/evening waiting on a late flight.
ASKER
>That would be the best option...
That is what i shall do then, thank you very much for your help so far with this.
> I'll help as much as I can, I just had to catch a flight yesterday and spent most of the afternoon/evening waiting on a late flight.
No worries - as you can tell i haven't been around either, due to being dragged onto another project. I'm back again now and still wanting to resolve this - so look out for a new post shortly!
That is what i shall do then, thank you very much for your help so far with this.
> I'll help as much as I can, I just had to catch a flight yesterday and spent most of the afternoon/evening waiting on a late flight.
No worries - as you can tell i haven't been around either, due to being dragged onto another project. I'm back again now and still wanting to resolve this - so look out for a new post shortly!
Are you sure you have the correct switch type?
Can you post result of "show isdn status"
Even if your DSL line goes down, and your router dials the other end, the other end won't change its route because its DSL line is still up...
Try using a dynamic routing protocol. Add this:
MAIN:
router eigrp 1000
network 172.16.0.0
no auto-summary
REMOTE:
router eigrp 1000
network 172.16.0.0
no auto-summary
You also have the same IP address on the dialer2 interface at remote as you do at MAIN
interface Dialer2
ip address 172.16.200.2 255.255.255.0 <== same IP on both?