This may seem like a strange question, but I am trying to achieve some kind of dynamic route failover using static routes. The reason I need to do this is that some of our remote sites use Cisco 850 series routers, and don't support EIGRP.
We are the central data centre in a hub and spoke topology. All remote sites route via the hub. Each site has a single Cisco router and connects back to the core data centre via a secure VPN tunnel over GRE. Actually, we use 2 dedicated routers at the data centre for terminating the remote site VPN tunnels. 1 router routes out over 1 provider cloud, and the other goes out over another. This gives us some redundancy for the remote sites - although they only have 1 router, they have 2 VPN tunnels back to the core; if 1 router at the core went down then the other VPN tunnel would take care of the routing. This works well for sites that have EIGRP running on the router.
On sites that don't support EIGRP, I have tried to work around this by configuring a static route pointing back to the data server network with AD of 1, and a 2nd static route pointing down the 2nd IPSEC GRE tunnel with an AD of 2. It was my understanding that, if there was a problem with the 1st tunnel, then the packets would route out of the 2nd tunnel via the static route with AD of 2.
However, it seems that when using IPSEC GRE tunnels, even if I manually shut down the tunnel interface on the remote sites, the core site router still sees the GRE tunnel to the remote site as being up, and so does not fail over to the 2nd VPN router. Therefore, the remote site sees the local tunnel interface as down, routes via the 2nd tunnel as per the higher AD, but the return packets will not arrive because the routers at the core site do not see a problem on the GRE tunnel and don't fail over accordingly.
Has anybody got any suggestions on how this could be improved? Or do we simply need to use a routing protocol to achieve anything dynamic in this situation?
Thanks in advance.