Tying two networks together using VPN

Hello,
I am trying to tie two networks together via VPN over two T1's. This has not been implemented yet and I want to see if there is something I am missing/overlooking in my design. Just curious if anyone can analyze it and tell me I am a complete idiot or genius.

The basics of it are that I have a server sitting in the company HQ that hosts the POS system, Domain Controller and Exchange server. I have another point two cities over that needs to use the POS system and Domain Controller. I plan on using Cisco 1721 routers to establish an L2TP VPN connection between the two sites. Our shipping and receiving department, and a few company directors are moving to the Lynnwood branch, so this solution needs to work 24/7/365.

My concerns are the reliability of L2TP VPN being used 24/7, and proper configuration of the Cisco routers. I have a 1721 in the mail for me to play with before this whole thing gets implemented.

View my system design here: http://caseystrom.com/media/topog/

Thanks for your help in advance!
-Casey Strom
Asked by: klo555

lrmoore commented:
> this solution needs to work 24/7/365.
> I plan on using Cisco 1721
> My concerns are the reliability of L2TP VPN being used 24/7

I think these are the main points here. You need a reliable solution, but the 1721 is an end-of-lifed product and I would not recommend them. I would recommend the newer 1841 T1 bundle with security features.

Generally speaking, the Cisco products and IPSEC VPN tunnels are extremely reliable, and the 1841's are particularly good.

There are many different points of failure where you need resiliency and dependability.
Power - make sure you have good UPS's on both ends. Make sure you have T1 surge protectors on the T1 lines on both ends.

If you only have a single T1, then it is also a point of failure. Do you need a backup routing solution like DSL, or a 2nd T1? You need to monitor it for error conditions and be proactive with the telco at first signs of distress (errors or line resets).

If these are Internet T1's, then you are also at the mercy of many different providers and no Quality of Service guarantee, ever. There are issues outside your control if you rely on Internet for connectivity.

I would recommend going with an MPLS WAN connection from your telco. Or dedicated point-to-point T1. Since it would be a private network, it costs a bit more, but comes with Service Level Agreements that hold the telco's feet to the fire to be proactive on their own.

How redundant you make it is up to your budget. How much you budget depends on how much it costs per hour of downtime.
Question has a verified solution.