Professional Documents
Culture Documents
How To - Use VPN MPLS As A Backup (MPLS Scenario)
How To - Use VPN MPLS As A Backup (MPLS Scenario)
How To - Use VPN MPLS As A Backup (MPLS Scenario)
Scenario)
Network Schema
Consider a hypothetical network where a VPN Link and an MPLS Link connects a Head Office (HO)
and Branch Office (BO).
Head Office:
The Head Office Cyberoam has been configured with Port A as LAN, Port B as WAN and Port D as
DMZ. The MPLS link has been terminated on DMZ (Port D).
Cyberoam LAN IP: 192.168.1.254
Cyberoam WAN IP: 202.134.168.202
Cyberoam DMZ IP: 10.10.10.2 (MPLS Link)
Branch Office:
The Branch Office Firewall configured as follows:
LAN IP: 192.168.2.254
WAN IP: 202.134.168.206
DMZ IP: 11.11.11.1 (MPLS Link)
Configuration
You can configure the failover to an IPSec link when the MPLS link fails by following the steps
mentioned below.
Make sure that the IPSec connection is active and connected before configuring it as a
backup link.
You can also use TCP for monitoring the remote device. The Syntax is:
cyberoam link_failover add primarylink <Port on which MPLS is connected>
backuplink <VPN link name on which traffic needs to be forwarded> monitor TCP
host <IP address of the remote device which needs to be monitored for failover>
port <port of the remote device which needs to be monitored for failover>
Go to Network > Static Route > Unicast and click Add to add a static route using following
parameters.
Parameter Description
Parameter
Value
Description
Destination IP
192.168.2.0
Netmask
/24 (255.255.255.0)
Gateway
10.10.10.2
Interface
PortD 10.10.10.2
Go to Network > Static Route > Unicast and click Add to add a static route using following
parameters.
Parameter Description
Parameter
Value
Description
Destination IP
11.11.11.1
Netmask
/32 (255.255.255.255)
Gateway
10.10.10.2
The above configuration sets the VPN Link as a backup if the primary MPLS Link fails.