how to route out different VPN tunnels

Discussion in 'Cisco' started by Chauncy Desmond, Apr 18, 2007.

  1. Hi All,

    We have pix site to site vpns using pix 501's and cvpn 3015 concentrator . I
    would like to create a failover tunnel from remote sites back to HQ. We have
    a RIP capable 3com 4950 switch back at HQ..does not seem to work. I also
    have an old 2500 router, as well.

    Scenario is basically

    remote int. network--REMOTE PIX <====>(ip CISCO 3015-------default
    internal gateway----HQ internal network
    TEST PIX 501---------------------------------HQ internal network

    Would like to eventually get another concentrator or possibly an ASA
    appliance as a failover peer for our remote sites, but I am not sure how I
    could get traffic to route internally to this backup device. I have
    successfully built tunnel from test PIX to the remote pix, but encrypted
    traffic will only flow if I explicitly set test pix as my default gateway

    Have tried using static routes with different metrics on the 2500 to use
    test PIX as a 'floating' route, per go (and that would only work if
    route 1 was Also tried RIP between 2500 and PIX, but PIX does not
    advertise route to the remote tunneled network...

    In a nutshell...what protocol/method would you recommend so that traffic
    could talk back to remote sites depending upon which device it came in from?

    thanks much!
    Chauncy Desmond, Apr 18, 2007
  2. Sorry..should have mentioned that I am trying to get this working using a
    test PIX in the time being (as shown in my awful diagram) and that 2500
    router is in the HQ internal network which Im hoping can make some routing
    decisions. Up until now, we have done fine sticking static routes to the
    concentrator for remote vpn networks.
    Chauncy Desmond, Apr 18, 2007
