fireguy1125

asked on

Sonicwall NSA 240 VPN Setup and Router Failover

My Sonicwall NSA 240 has a VPN tunnel to our main office NSA 3500 which works fine. However, I would also like to have as a backup our other router, which is for a point-to-point T1 that is set up between our sites. Both are routing our local network 10.1.1.0/24. I have a static route pointing to the T1 router for the destination network at our main office of 192.168.0.0/16. I also have checked "allow VPN path to take precedence" in the static route settings, and it seems to be doing this. However, when I disable the VPN tunnel, traffic does not appear to flow to the T1 router. What am I missing here? I have the router connected to the X2 interface of the Sonicwall. It does not have an assigned zone, because when I enter that it's asking for static IP settings, so I left it unassigned. I also tried plugging in directly to the switch, and it still does not appear to route traffic over it. I want to use the T1 router as a failover if the VPN tunnel ever goes down (due to loss of WAN connectivity).
digitap

To route over the T1, you'd need to provide some kind of gateway for the traffic. You'd have to have a router provided by the vendor of the p2p T1. On the LAN of the router, what's the IP address you've assigned? You'd use that in the static route, which I assume you've done. Or, you could create a new subnet and new zone on the X2 interface.

Additionally, you'd need to configure the routing on the other end as well. The other end would need to know what to do with the traffic as it came out the T1. Otherwise, you're not going to get ping replies and it will seem like traffic isn't flowing over the T1.
fireguy1125

ASKER

The routing over the T1 is already set up. Both ends have a Cisco 1721 router, with the remote site (with the NSA 240) having the FE/0 interface assigned 10.1.1.254, and the HQ (site with the NSA 3500) has the Cisco 1721 FE/0 assigned 192.168.10.254. Previously these 2 routers were both just plugged into the switches at each site, and in the Sonicwall we had a static route set up, and it was working fine.

So as I understand, the static routes need to remain in place on the Sonicwalls respectively? How would this be set up in a failover condition? I would not want traffic to flow over the T1 when the VPN tunnel is online and active. This is especially the case when the reply time between the routers over the T1 is 5ms, but over the VPN is 20-30ms.
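
The failover condition discussed in this thread can be modelled as a route lookup at each site. This is an added example, not part of any post and not SonicOS code. It assumes that "VPN path takes precedence" acts as a tie-break between equal-length prefixes, and the host addresses 10.1.1.50 and 192.168.10.20 are constructed.

```python
import ipaddress

# Constructed route tables using the addresses quoted in the thread.
# Entry: (destination prefix, next hop, kind). A "vpn" route is usable only
# while the tunnel is up (assumed model of "VPN path takes precedence").
REMOTE = [  # NSA 240 site, LAN 10.1.1.0/24
    ("192.168.0.0/16", "vpn-tunnel", "vpn"),
    ("192.168.0.0/16", "10.1.1.254", "static"),   # Cisco 1721 FE/0, remote site
]
HQ = [      # NSA 3500 site
    ("10.1.1.0/24", "vpn-tunnel", "vpn"),
    ("10.1.1.0/24", "192.168.10.254", "static"),  # Cisco 1721 FE/0, HQ
]


def next_hop(table, dst, tunnel_up):
    """Longest-prefix match; on a tie a live VPN route beats the static route."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for prefix, hop, kind in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (kind != "vpn" or tunnel_up):
            candidates.append((net.prefixlen, kind == "vpn", hop))
    return max(candidates)[2] if candidates else None


def round_trip(src, dst, tunnel_up, remote=REMOTE, hq=HQ):
    """Return (forward hop, return hop); None marks a direction with no route."""
    return next_hop(remote, dst, tunnel_up), next_hop(hq, src, tunnel_up)


if __name__ == "__main__":
    src, dst = "10.1.1.50", "192.168.10.20"  # constructed hosts
    print("tunnel up:  ", round_trip(src, dst, True))
    print("tunnel down:", round_trip(src, dst, False))
    # HQ with no static route back to 10.1.1.0/24: requests leave over the T1
    # but replies have no path, so it looks as if the T1 carries no traffic.
    print("one-sided:  ", round_trip(src, dst, False, hq=[HQ[0]]))
```

The third case is the symptom described in the first reply: the forward direction fails over, but without a matching route at the other end no ping replies come back.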