Qualitycomputer
asked on
Multiple site-to-site VPN connections between two networks
I have a client running a site-to-site VPN connection in order to allow secure RDP access to users at a remote site. The remote users are on a completely separate Windows domain and use the tunnel purely for port 3389 access to virtual workstations and RDP servers at my client's site. My client maintains two WAN connections - one from a DSL provider (on which the VPN tunnel lives), the other from a cable provider. They each have their own separate static IP address blocks.
My client uses a SonicWall TZ210 and utilitzes some of the bandwidth management features to optimize Internet traffic between their two WAN links. What we don't have is a redundant VPN connection to the remote site. The remote site apparently uses Cisco routers on their end which hasn't been any problem at all for the site-to-site VPN connection.
Is it practical to set up two VPN tunnels between the two sites so that if the DSL connection fails the cable connection can act as a failover? Would the remote site also need two separate IP blocks on their end or can they do something akin to a one-to-many relationship? Even if it is not practicle to have true failover capability, it would still be nice if I could uncheck the primary tunnel in the event of a DSL outage and instead mark the cable connection as the active tunnel. Is this easy to do?
My client uses a SonicWall TZ210 and utilitzes some of the bandwidth management features to optimize Internet traffic between their two WAN links. What we don't have is a redundant VPN connection to the remote site. The remote site apparently uses Cisco routers on their end which hasn't been any problem at all for the site-to-site VPN connection.
Is it practical to set up two VPN tunnels between the two sites so that if the DSL connection fails the cable connection can act as a failover? Would the remote site also need two separate IP blocks on their end or can they do something akin to a one-to-many relationship? Even if it is not practicle to have true failover capability, it would still be nice if I could uncheck the primary tunnel in the event of a DSL outage and instead mark the cable connection as the active tunnel. Is this easy to do?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you are Welcome, feel free to ask.
Thank you.
Thank you.
ASKER
Thanks for your response. It sounds like all I need to do is ask the remote site to add an IPsec Secondary Gateway to the existing connection that points to a new connection tunnel on the local SonicWall firewall.
Thanks!