Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Redistribute Static routes-ISDN backup to VPN

  • Filter
  • Time
  • Show
Clear All
new posts

  • Redistribute Static routes-ISDN backup to VPN

    Hi Guys, hoping someone here may be able to help,

    I've configured an ASA5510 with a number of Lan-to-LAN VPN's. I enable Reverse Route Injection so that the the routes to the remote networks appear automatically in the ASA routing table as static routes. I'm also using OSPF to distribute these routes to an upstream router with backup ISDN lines. The upstream router has static routes using these backup lines with administrative distances of 150 (ie larger than OSPF's 110), so normally it sends traffic through the VPNs.

    The route distribution to the upstream router works fine, however if one of the remote VPN peers goes down, the route to it doesn't disappear, it remains in the ASA route table and is propagated via OSPF to the upstream router and so it doesn't dial the backup line. Can anyone explain why the Reverse Route Injection in the ASA still happens even if the VPN link fails?

    My other option is object tracking to test when a VPN is down, but this is much more work than dynamic routing, so I'd like to avoid it if I can.

    Any help or suggestions appreciated.