ISDN backup to ADSL: the receiving end

Then your provider is sending you only an aggregate prefix (i.e. not load of specific prefixes for each site)? Is it BGP, RIP or just statically configured on your side? At this moment it's not clear why your RIP routes are preferred.

One way to do it is to specify sites networks in the RADIUS profile for user associated with that site. If your provider sends you only aggregate then specifying specific route will be sufficient. If provider sends all specific networks, then just make metric via dial-up connection to be always better. This way your central router will always prefer dial path as soon (and as long) as remote site is connected via ISDN. Note that you need to take care to bring down ISDN link at the remote site and not at central office when you don't need it, else traffic will keep going over it (because of the better metric central router will always see traffic that causes dialer idle-timeout to reset).

Kind regards, iLya

The Netopia 3366C-ENT does support RIP

This is being tested by the private network provider, so I cannot tell you exactly what they did. From what they told me, for some reason RIP does not work in the Netopia once all the other features (such as GRE tunneling) are turned on to try to get RIP working over an IPsec VPN.

The problem is that if the metric for the dialer is higher on a static route, then the central router will always be waiting for the dialer to make a conenction to the dialer. Even if the connection is not there, the dialer still is. Remember that this is the receiving end of the dialup call, not the one making the call.

Is there a way to define a static network route in the user profile so the the route will only appear when the user is dialed in, but will disappear when the user logs out?

on the receiving end there won't be any route until user dials in because you install route via RADIUS. And that's why it's important for remote site to bring the dial backup line down as soon as primary line is available again.

That's exactly what "Framed-Route" RADIUS attribute does. In any case I'd suggest you not to use dialer on the central router, but use virtual-template instead.

Kind regards, iLya

It looks like RADIUS would work, but right now we are not running a RADIUS server. Is there another way to do this inside the Cisco 3640 router?

I'm afraid there isn't way to dynamically install per-user routes other than via RADIUS. If you have only dozen sites, find some old unused PC (no need to be powerfull at all, no need for big disk), install FreeBSD on it and install one of the RADIUS packages found in /usr/ports collection. Should take you about a day to get things running.

Kind regards, iLya

You MAY be able to get what you want by using IP unnumbered and pointing your static route for the remote to the IP address of the remote dialer. The routers will automatically create a host route to the IP address used by the other dialer unless you explicitly disable it. This may require using virtual templates, but does not require using RADIUS. Note however, that while it solves the problem at the 3640 end, it does not address the routing problem at the remote site nor does it address how the remote site is going to determine that the VPN has gone down so it can automatically dial the ISDN call.

Good luck and have fun!