Going a step further, the VPN gateways themselves can be backed up in case of failure. This case assumes the existence of a VPN connection between two gateways. In the event that one of the two VPN devices should fail, an ISDN connection is to take over the data transfer; in this case via a direct dial-in connection.
Regarding the configuration of this solution, we again assume a functional VPN coupling of the two networks. The following additional steps are required:
- A standard ISDN network coupling that routes the same subnets as the VPN connection is set up between the two ISDN routers. In the routing table, however, a distance is entered that is at least 1 higher than the corresponding route in the VPN gateway.
- The local RIP (RIP V2) has to be activated in all routers so that the VPN and ISDN routers can exchange information about the routes with the remote sites. The higher distance of the route via the ISDN gateway is, under normal circumstances, the poorer route.
- It is not necessary to define a backup connection in this case as a different device should take over the data transmission.
If there is a disturbance in the connection between the VPN devices, the value for the distance of the corresponding routes changes automatically: A route which is not available is marked with a distance of 16. Consequently, the route entered into the ISDN router automatically becomes the "better" solution and all data packets will be re-routed over the ISDN connection. As soon as the VPN connection is re-established, the distance changes to a value below that of the ISDN connection and the backup will be terminated as intended.