
MPLS Failover to VPN

I have a question: I am trying to set up MPLS redundancy using VPN as the failover mechanism.

The main site is Check Point and the remote VPN site is a third-party vendor using a dynamic IP.

I hope we can achieve this requirement through route-based VPN.

Any suggestions on what can be done to allow redundant failover through the VPN when one of the routers dies, keeping in mind that no dynamic protocols are allowed?

0 Kudos
1 Reply

Use IP SLA on the internal router to fail-over from local MPLS route to the one leading to CP GW.

As this is a "remote vpn site is third party vendor using dynamic ip", you may have tough luck configuring the VPN portion of your plan.

If you can persuade the third party to switch to CP, you can use certificate-based VPN with dynamic IP.

Otherwise, you may be better off using native Cisco VPN between your perimeter router and that of the third party site.

It may look something like this:

Site-to-Site VPN tunnel with Dynamic Peer IP address |example with PSK and PKI (CCIE Notes) – Networ... 

While using CP for post/pre-VPN traffic filtering.

There is also this write-up that may point you in the right direction:

How to Configure a VPN for DAIP Gateway Connected to Internet Using USB 3G-Modem | Indeni 

But keep in mind all of the issues listed in sk103523.
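
A sketch of the IP SLA fail-over suggested in the reply above, added here as an example; it is not configuration from the thread or from either vendor. It assumes the internal router runs Cisco IOS, and every address and the interface name are constructed placeholders: remote site LAN 198.51.100.0/24, MPLS next hop 192.0.2.1, Check Point gateway 192.0.2.254, and probe target 203.0.113.1 at the far end of the MPLS path.

```cisco
! Added example: constructed addresses, adjust to your topology.
! Probe an address that is only reachable across the MPLS path.
ip sla 10
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 threshold 500
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Track object follows the probe result; the delays damp flapping.
track 10 ip sla 10 reachability
 delay down 15 up 60
!
! Pin the probe target to the MPLS next hop so the probe never
! follows the backup route and falsely reports the MPLS path as up.
ip route 203.0.113.1 255.255.255.255 192.0.2.1
!
! Primary: remote LAN via MPLS, installed only while track 10 is up.
ip route 198.51.100.0 255.255.255.0 192.0.2.1 track 10
!
! Backup: floating static route (administrative distance 250) via the
! Check Point gateway, which carries the traffic over the VPN.
ip route 198.51.100.0 255.255.255.0 192.0.2.254 250
```

`show track 10` and `show ip route 198.51.100.0` show which path is currently installed. This covers only the main-site direction; the remote site needs an equivalent static fail-over for return traffic.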