troubleshooting Question
Multiple site-to-site VPN connections between two networks
Qualitycomputer asked on
I have a client running a site-to-site VPN connection in order to allow secure RDP access to users at a remote site. The remote users are on a completely separate Windows domain and use the tunnel purely for port 3389 access to virtual workstations and RDP servers at my client's site. My client maintains two WAN connections - one from a DSL provider (on which the VPN tunnel lives), the other from a cable provider. They each have their own separate static IP address blocks.
My client uses a SonicWall TZ210 and utilitzes some of the bandwidth management features to optimize Internet traffic between their two WAN links. What we don't have is a redundant VPN connection to the remote site. The remote site apparently uses Cisco routers on their end which hasn't been any problem at all for the site-to-site VPN connection.
Is it practical to set up two VPN tunnels between the two sites so that if the DSL connection fails the cable connection can act as a failover? Would the remote site also need two separate IP blocks on their end or can they do something akin to a one-to-many relationship? Even if it is not practicle to have true failover capability, it would still be nice if I could uncheck the primary tunnel in the event of a DSL outage and instead mark the cable connection as the active tunnel. Is this easy to do?
My client uses a SonicWall TZ210 and utilitzes some of the bandwidth management features to optimize Internet traffic between their two WAN links. What we don't have is a redundant VPN connection to the remote site. The remote site apparently uses Cisco routers on their end which hasn't been any problem at all for the site-to-site VPN connection.
Is it practical to set up two VPN tunnels between the two sites so that if the DSL connection fails the cable connection can act as a failover? Would the remote site also need two separate IP blocks on their end or can they do something akin to a one-to-many relationship? Even if it is not practicle to have true failover capability, it would still be nice if I could uncheck the primary tunnel in the event of a DSL outage and instead mark the cable connection as the active tunnel. Is this easy to do?
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.