Question : Failing over between Active/Active WAN connections on a Cisco Router

I am configuring an 1800 series router with 2 WAN connections.

WAN 'A' and WAN 'B' are dissimilar internet connections provided by two different ISPs for failover.

Bandwidth is fairly expensive in this location and I would rather have 2 active internet connections then an active / passive scenario for failover. However I want to avoid using load balancing protocols due to the complexity .

I've configured WAN A to act as the terminator for our IPSEC VPN and WAN B to act as there internet connection using static routes.

so as an example:
192.168.0.0 255.255.0.0 through WAN A
0.0.0.0 0.0.0.0 through WANB

What I would like to know is, is there a way to failover between these interfaces? So if one of the WAN connections fails the routes transfer to the other connection.

Answer : Failing over between Active/Active WAN connections on a Cisco Router

Sure.
Floating static routes for the VPN endpoints and floating default routes with route-maps

For IPSEC VPN are you talking about mobile users or site-site VPN? Assuming you mean site-site VPN:

ip route 192.168.0.0 255.255.0.0 <wan A next hop>
ip route a.b.c.d 255.255.255.255 <wan A next hop>  <=== this is the remote peer IP address
ip route 192.168.0.0 255.255.0.0 <wan B next hop> 100
ip route a.b.c.d 255.255.255.255 <wan A next hop> 100  <== same routes with higher cost for failover

ip route 0.0.0.0 0.0.0.0 <wan B next hop>
ip route 0.0.0.0 0.0.0.0 <wan A next hop> 100

Since you can only have 1 default gateway on the router, it's going to be a little more difficult to serve mobile VPN clients due to not knowing their public IP addresses, and your primary default will be to ISPB.
Here's a way around that:

ip route 0.0.0.0 0.0.0.0 <wan A next hop> <== default to A will allow remote users to connect VPN
ip route 0.0.0.0 0.0.0.0 <wan B next hop> 100

access-list 101 deny ip <local network> <imask> 192.168.0.0 0.0.255.255  
access-list 101 permit ip <local networ> <imask> any

route-map ISPB permit 10
 match ip address 101
 set ip default next-hop <WAN B Next hop ip>

interface xxx
 descript inside LAN interface
 ip policy route-map ISPB


If WANB is down, route-map traffic will automatically take the default out the other ISP
Random Solutions  
 
programming4us programming4us