Here is my dilemma. We are currently implementing a fiber connection with a DSL/VPN connection as a backup. The issue that I am running into is that an ICMP redirect is causing the failover not to work as expected. This is because the fiber connection goes through an ISP and is configured with a private IP address. This fiber connection connects to our internal switch. From there it connects to the default gateway and out to the internet. Whenever a host communicates with this branch site via the fiber connection, a route gets installed in the routing table due to an ICMP redirect message stating to use a different default gateway. Then, whenever we simulate the failover, the clients still try to communicate with the remote sites via the gateway that has failed. They have no way of knowing this, and it just fails rather than sending the traffic back to the default gateway to have it routed across the VPN tunnel. My question to all of you network/systems gurus out there is: how can I get this set up and working so that the failover is automatic and the hosts at HQ are able to communicate with these remote devices once the DSL/VPN kicks in?
Some things that I have tested and tried were disabling ICMP redirects on the LAN interface of the SonicWall. This is not even possible on the SonicWall due to the zone that this interface is configured as. As per the design of the SonicWall, there is no setting for this.
I have also tried to flush the routing table; although this works, it defeats the purpose of having a secondary connection, as all hosts would need to restart or flush their routing table. I would ideally like to have this process automatic so that downtime is minimal.
The majority of the machines running here are Mac OS X, from 10.4 to 10.6. There are a few Windows machines, but primarily we use Macs.
Attached is a network diagram to get a better understanding.
I apologize in advance for my childish drawing. This was much easier to do rather than using anything computer aided.
Any help or advice is greatly appreciated.
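An added example, not part of the original post and not tied to the poster's SonicWall or hosts, showing how an operator could detect the redirect-installed host routes the post describes and generate the commands to remove them. BSD-derived stacks (including Mac OS X) mark a route created by an ICMP redirect with the `D` flag and one modified by a redirect with the `M` flag in `netstat -rn` output. The `netstat -rn` text below is a constructed sample; the addresses in it are assumptions, not the poster's network.

```python
# Detect routes that were created or modified by ICMP redirects in
# BSD-style `netstat -rn` output, and build the matching delete commands.

# Constructed sample output (not captured from a real host).
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           20        0     en0
10.20.0.5          192.168.1.2        UGHD            0      112     en0
10.20.0.0/24       192.168.1.2        UGSc            0        0     en0
127                127.0.0.1          UCS             0        0     lo0
192.168.1          link#4             UCS             5        0     en0
192.168.1.1        0:11:22:33:44:55   UHLWIi         21      300     en0   1188
"""


def parse_routes(text):
    """Return the IPv4 routes from netstat -rn output as dicts of dest/gateway/flags."""
    routes = []
    in_inet = False
    for line in text.splitlines():
        if line.startswith("Internet:"):
            in_inet = True           # start of the IPv4 table
            continue
        if line.startswith("Internet6:"):
            break                    # stop at the IPv6 table
        if not in_inet or line.startswith("Destination") or not line.strip():
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        routes.append({"dest": parts[0], "gateway": parts[1], "flags": parts[2]})
    return routes


def redirect_routes(routes):
    """Routes whose flags contain D (created by redirect) or M (modified by redirect)."""
    return [r for r in routes if "D" in r["flags"] or "M" in r["flags"]]


def delete_commands(routes):
    """Build `route delete` commands for every redirect-installed route."""
    cmds = []
    for r in redirect_routes(routes):
        host = "-host " if "H" in r["flags"] else ""
        cmds.append(f"route -n delete {host}{r['dest']} {r['gateway']}")
    return cmds


if __name__ == "__main__":
    # On a real host you would feed in the output of `netstat -rn` instead.
    found = parse_routes(SAMPLE_NETSTAT)
    for cmd in delete_commands(found):
        print(cmd)
```

Running this over the sample reports the single `D`-flagged host route and prints `route -n delete -host 10.20.0.5 192.168.1.2`. Deleting such routes only cleans up after the fact; a host that keeps accepting redirects will simply learn them again, so the lasting fix is to stop hosts from honoring redirects (on BSD-derived stacks the `net.inet.icmp.drop_redirect` sysctl does this; confirm it is present on your OS version) or to stop the gateway from sending them.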