I’m trying to connect multiple sites with site-to-site VPN and MPLS (hosted) failover. Site A is the primary site and it has an ISR 4331; Site B has an ISR 4321. Each location also has a SonicWall NSA appliance with its own dedicated internet connection that handles all client internet services (SMTP, web, RDP, etc.). Each ISR has a dedicated fiber line for VPN and a serial interface (T1) for MPLS. Cisco IOS isn’t really my forte, and I’m having some issues with the configuration.
So, here’s the setup…
Site A:
LAN – 192.168.10.1
SonicWall – 192.168.10.2
GigabitEthernet0/0/1 (Fiber for VPN) – 10.1.1.1
Serial0/1/0:1 – 22.214.171.124

Site B:
LAN – 192.168.20.1
SonicWall – 192.168.20.2
GigabitEthernet0/0/1 (Fiber for VPN) – 126.96.36.199
Serial0/1/0:1 – 188.8.131.52
Focusing on Site A and assuming the VPN tunnels are configured properly (I used the wizard), I’ve added the following routes:
ip route 0.0.0.0 0.0.0.0 192.168.10.2
(for client internet traffic)
ip route 192.168.20.0 255.255.255.0 GigabitEthernet0/0/1
(for the VPN traffic)
ip route 192.168.20.0 255.255.255.0 Serial0/1/0:1 250
(for MPLS failover)
Here are my questions.
1) How do I add the next hop route for the GigabitEthernet0/0/1 interface? If the gateway for that connection is 10.1.1.2, is it as simple as adding: ip route 0.0.0.0 0.0.0.0 10.1.1.2 10?
2) Is this the best way to configure the failover? Should I be using different routing protocols?
3) Will this even work?