[satish.ojha]

Hi All,

I have got an assignment to setup the failover of MPLS link over the vpn link automatically. As of now we have two offices connected with the MPLS link and both the end is having the cisco 801 router provided by the ISP.

I want the MPLS will be always primary and all the traffic must go when he is ok. As soon as it goes down a vpn connection should take over it automatically. And if mpls comes back it must again switch back to MPLS network. We have a normal internet broadband at the both the offices and wish to use for VPN setup. In case if it can not be done automatically even on demand dialup will also ok for us.

As of we have a proprietary firewall which does not support the failover over the vpn. it supports only the wan link failover and we are not in position invest on secondary mpls link.

Kindly suggest the way and devices required at the both ends to setup the same. we approached several vendors but did not get the resolution.

thx
Satish

[auglan]

Can do it with IP SLA and Enhanced object tracking.

Pretty much the ip sla will continuously ping your next hop router in the MPLS network. If those pings fail then the associated static route in the routing table gets removed and a backup static route will be added (Route with higher AD).

Recommend configuring a VTI based Ipsec Vpn if you want multicast/broadcast over the tunnel. If you have more than 3 sites or will in the future then DMVPN will be the best route.

[satish.ojha]

Hi, thanks for your suggestion. will the route add and remove process will be automatically or it has to be done manually.

[auglan]

The route being tracked will be removed from the routing table when the IP Sla fails then the route with the higher AD will be added. When the original IP Sla comes back then the reverse will happen.