This article describes how to configure dual ISP access in a project and enable automatic link switching. It also covers the VPN configuration, setting IPsec transform sets, and other technical issues.
In a recent project, the customer has its headquarters in Huizhou and a branch in Hong Kong, with an ERP server and an email server in the Hong Kong branch. The headquarters egress is the leased line (new) of China Tietong 10 M optical fiber and China Netcom 1 M DDN. The headquarters originally used the NetScreen firewall to connect to the PIX 515 in Hong Kong over an IPsec VPN. The customer requires that a new China Netcom DDN leased line be added to carry the ERP data service exclusively: normally, data from the headquarters to the ERP server is directed to the DDN leased line, and the email server data is directed to the IPsec VPN. When either of the two links is interrupted by a fault, traffic must switch to the other link automatically. For example, if the DDN leased line fails, the ERP data that normally uses it is automatically switched to the IPsec VPN line, and when the line is restored, the system automatically switches back.
From what I have studied, NetScreen supports policy routing, but it does not seem to support line detection (if you know, please provide information so I can learn).
To meet the customer's requirements, I recommend using a Cisco 1841 router. Cisco supports policy routing and line detection. I have read the relevant documentation but have never implemented it.
Solution:
IP Address Allocation is as follows:
Headquarters IP segment: 192.168.1.0/24 Gateway: 192.168.1.111/24
The NetScreen SSG-140 is deployed with transparent access.
R1 Configuration:
FastEthernet0/0 -- 192.168.1.111/24
FastEthernet0/1 -- 192.168.2.1/24 (Tietong line; the IP address has been changed)
Serial0/0 -- 192.168.3.1/24 (China Netcom line)
PIX 515 Configuration:
Ethernet1 (outside) -- 192.168.2.2/24
Ethernet0 (inside) -- 192.168.4.1/24
R2 Configuration:
FastEthernet0/0 -- 192.168.4.2/24
FastEthernet0/1 -- 192.168.5.1/24
Serial0/0 -- 192.168.3.2/24
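The policy routing and line detection requirement described above, sketched for R1 as an added example (not the author's configuration). It covers only the ERP direction and assumes a placeholder ERP server address of 192.168.5.10 behind R2, the names ERP-TRAFFIC and HQ-PBR, and the newer "ip sla" command syntax.

```cisco
! Added example, not the author's configuration.
! Assumptions: 192.168.5.10 is a placeholder for the ERP server; ERP-TRAFFIC
! and HQ-PBR are illustrative names. Older 12.4 images spell the probe as
! "ip sla monitor 1" and the track as "track 1 rtr 1 reachability".
!
! Line detection: probe the far end of the DDN line (R2 Serial0/0).
ip sla 1
 icmp-echo 192.168.3.2 source-interface Serial0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object 1 follows the probe. The delays damp flapping so a noisy
! line does not bounce ERP sessions between the two paths.
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Traffic from the headquarters LAN to the ERP server (placeholder host).
ip access-list extended ERP-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 host 192.168.5.10
!
! Policy routing: ERP traffic uses the DDN next hop only while track 1 is
! up. When the track is down the set clause is skipped and the packet
! follows the normal routing table, which here is the IPsec path through
! FastEthernet0/1. This assumes the crypto ACL for the VPN also matches
! headquarters-to-ERP traffic; otherwise the fallback leaves unencrypted
! or is dropped.
route-map HQ-PBR permit 10
 match ip address ERP-TRAFFIC
 set ip next-hop verify-availability 192.168.3.2 10 track 1
!
! Apply the policy where headquarters traffic enters R1.
interface FastEthernet0/0
 ip policy route-map HQ-PBR
```

After applying it, "show track 1" and "show route-map HQ-PBR" show whether the DDN next hop is currently considered up and how many packets have been policy routed.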
Only the key parts are listed below:
VPN configuration R1----PIX515
R1: