Cisco 5505 - routing traffic to outside interface, if VPN tunnel isdown

Discussion in 'Cisco' started by Personne, Sep 30, 2009.

  1. Personne

    Personne Guest

    Hi,

    The subject is not very clear, but let me explain what I would like to
    try to achieve.

    Because of content filtering purpose I redirect all the traffic from
    our branches to our HQ through a VPN tunnel. This is working well, but
    I need a kind of disaster recovery plan, in case my HQ goes down.
    Indeed, by redirecting all my traffic to my HQ, if my HQ goes down the
    VPN will go down and then my branch offices won't even be able to go
    to the Internet.

    What I would like to do is:
    If the VPN tunnel is up between Site A and the HQ, then redirect all
    traffic to the HQ
    if the VPN tunnel is down, then route traffic to the outside
    interface, and allow my user at least to access the Internet

    Thanks for your help
     
    Personne, Sep 30, 2009
    #1
    1. Advertising

  2. Personne

    Uli Link Guest

    Re: Cisco 5505 - routing traffic to outside interface, if VPN tunnelis down

    Personne schrieb:
    > Hi,
    >
    > The subject is not very clear, but let me explain what I would like to
    > try to achieve.
    >
    > Because of content filtering purpose I redirect all the traffic from
    > our branches to our HQ through a VPN tunnel. This is working well, but
    > I need a kind of disaster recovery plan, in case my HQ goes down.
    > Indeed, by redirecting all my traffic to my HQ, if my HQ goes down the
    > VPN will go down and then my branch offices won't even be able to go
    > to the Internet.
    >
    > What I would like to do is:
    > If the VPN tunnel is up between Site A and the HQ, then redirect all
    > traffic to the HQ
    > if the VPN tunnel is down, then route traffic to the outside
    > interface, and allow my user at least to access the Internet
    >
    > Thanks for your help


    A floating static route with higher metric (200 for e.g.) than the route
    through the VPN tunnel may do the job if your route to the HQ is learned
    via routing protocol.

    Don't know if the ASA also can track objects for static routes.

    --
    ULi
     
    Uli Link, Sep 30, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Ireland
    Replies:
    1
    Views:
    1,102
    Claude LeFort
    Nov 11, 2003
  2. marti314
    Replies:
    1
    Views:
    2,126
    Walter Roberson
    Aug 5, 2005
  3. GNY
    Replies:
    0
    Views:
    752
  4. Jack
    Replies:
    0
    Views:
    704
  5. kyoo
    Replies:
    22
    Views:
    2,095
    Aceman
    Apr 12, 2008
Loading...

Share This Page