Re: Failover issues using VPN

Discussion in 'Cisco' started by al, Apr 1, 2004.

  1. al

    al Guest

    Thanks.
    We will try "no ip redirects" and will keep you posted of the results.
    -al


    "Rik Bain" <> wrote in message
    news:p...
    > On Mon, 29 Mar 2004 17:43:08 -0600, Al wrote:
    >
    >
    > > "Rik Bain" <> wrote in message
    > > news:p...
    > >> On Mon, 29 Mar 2004 17:00:54 -0600, Al wrote:
    > >>
    > >> > Hi all,
    > >> > Here's the scenario:
    > >> > We have the main HQ office and a Remote office. HQ is connected to
    > >> > the Remote office via private T1 line using our Cisco 2600 (it is
    > >> > using EIGRP).
    > >> > On both locations we also have a Firewall to the Internet and also
    > >> > configured as a backup VPN site-to-site. The Cisco 2600 and the
    > >> > Firewall are both connected to the LAN, meaning Cisco 2600 as our
    > >> > default gateway and it will forward packets to the Firewall for
    > >> > Internet request. We configured the Cisco 2600 to forward packets to
    > >> > the Firewall via VPN if the private T1 is down by using a static
    > >> > route with a lower priority so that it will prefer the private T1 via
    > >> > EIGRP. The problem is that if the failover occurs and the
    > >> > workstations start using the VPN, it won't go back to the private T1
    > >> > anymore even if the T1 comes back up. Based on the workstation's
    > >> > routing table, the VPN connection is only 1 hop to the remote office
    > >> > versus the private T1 which is 3 hops. Is this design an effective
    > >> > one?
    > >> > Thanks,
    > >> > Sid
    > >>
    > >> Is it possible that the router is sending ICMP redirects, thus causing
    > >> the client to send packets directly to firewall instead of router?
    > >> Verify by looking at the route table on the client ("route print" under
    > >> windows) during this period.
    > >>
    > >> If this is the case, disable ip redirects on the interface in question.
    > >>
    > >> Rik Bain

    > >
    > > Disable ip redirects on the Cisco 2600 ethernet side? thanks, Al

    >
    > If I understood your topology correctly, yes. You want the router to
    > make all routing decisions. If it sees a gw on the same subnet as
    > itself and the device that forwarded the packet, it will instruct the
    > client via ICMP redirect to use the gw directly, instead of forwarding
    > future packets to the router.
    >
    > Example (adjust interface name accordingly):
    >
    > !
    > interface e0
    > no ip redirect
    > !
    >
    >
    > Rik Bain
     
    al, Apr 1, 2004
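
The "route print" check suggested in the thread, as an added example that is not part of the original posts: it parses saved `route print` output and lists host routes whose gateway is an on-link device other than the default gateway, which is what a redirect-installed route looks like. The sample output and all addresses are constructed (192.168.1.1 stands in for the Cisco 2600, 192.168.1.254 for the firewall), and it assumes the client records redirects as host routes in its table; a manually added static host route would be listed too.

```python
import ipaddress

# Constructed sample of Windows "route print" output (addresses are made up):
# 192.168.1.1 stands in for the Cisco 2600, 192.168.1.254 for the firewall.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      20
        10.20.0.7  255.255.255.255    192.168.1.254    192.168.1.50       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.50    192.168.1.50      20
     192.168.1.50  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255     192.168.1.50    192.168.1.50      20
Default Gateway:       192.168.1.1
"""

HOST_MASK = ipaddress.IPv4Address("255.255.255.255")
LOOPBACK = ipaddress.IPv4Address("127.0.0.1")


def parse_routes(text):
    """Return (dest, mask, gateway, interface) tuples from route print output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:  # route rows have exactly five columns
            continue
        try:
            dest, mask, gw, iface = (ipaddress.IPv4Address(f) for f in fields[:4])
        except ipaddress.AddressValueError:
            continue  # header or other non-route line
        routes.append((dest, mask, gw, iface))
    return routes


def redirect_suspects(text):
    """Host routes that bypass the default gateway via another next hop."""
    routes = parse_routes(text)
    default_gws = {gw for dest, mask, gw, _ in routes
                   if int(dest) == 0 and int(mask) == 0}
    # The client's own addresses: routes via these are local, not redirects.
    local = {iface for *_, iface in routes} | {LOOPBACK}
    return [(str(dest), str(gw)) for dest, mask, gw, _ in routes
            if mask == HOST_MASK and gw not in local and gw not in default_gws]


if __name__ == "__main__":
    for dest, gw in redirect_suspects(SAMPLE):
        print(f"host route to {dest} via {gw} bypasses the default gateway")
```
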