For configuring the VPN backup, the devices at the branch offices, main office and switching nodes must be considered separately.
- Branch
- "Dynamic VPN" over ICMP/UDP must be configured for the primary connection.
- The backup connection has no requirement for "Dynamic VPN".
- The backup is configured in the backup table, as with ISDN backup.
- At the branch office, the main office must be configured as a backup remote site.
- "Dynamic VPN" over ICMP/UDP must be configured for the primary connection.
- Head office
- Simplified RAS with certificates must be enabled.
- Selection of the remote network by the remote site must be enabled.
- A configuration in the backup table is not necessary here.
- Switching nodes
- The VPN connection to the main office must be completely configured.
- Simplified RAS with certificates must be enabled.
- Selection of the remote network by the remote site must be enabled.
Important: If the system does not have "combined networks" (i.e.the branch office network is a sub-network of the switching node and the switching node network is a sub-network of the central network), then the switching node's route to the branch office must point to the main office in order for the branch office to be able to reach the switching node in backup situations. In normal operation, this route is overwritten by the route passed by the branch office in the VPN (because remote sites may provide network relationships) and is therefore only used when the direct connection is torn down and the branch office establishes the backup connection.
