Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 530
  • Last Modified:

vpn site to site redundancy

Experts,

Trying to understand if it is possible to have two ISP to have a redundancy on a VPN site-to-site connection? If so, what are the technology to be use and hardware components?


Cheers!
0
gsmith888
Asked:
gsmith888
3 Solutions
 
xtermieCommented:
An interesting case is presented here:
http://networkology.net/2013/03/08/site-to-site-vpn-with-dual-isp-for-backup-redundancy/

while an interesting discussion about the same issue here:
https://supportforums.cisco.com/thread/2086955

and an answer to a similar question to yours here:
http://forums.juniper.net/t5/SRX-Services-Gateway/Question-about-site-to-site-vpn-with-two-ISP-on-every-site/td-p/127689

Hope these will help you out!
0
 
corowerCommented:
simple answer is "yes, it is possible".
basically, to have full redundancy, both VPN endpoints should have two connections, and then you might use some kind of bonding to get that required level of redundancy (and, probably higher throughput). there definately is a solution for unix boxes (althou, you will need some handwork configuring). if you want to have something like pre-configured appliance, look for Mushroom Networks solutions, maybe something will fit you.

if you're tight with budget - look for MikroTik (either hardware or just software), in their manual there is a described solution exactly for creating several VPNs using two (or more) ISPs for redundancy.
0
 
CITG_CarlCommented:
What are your current VPN endpoints? Are you using firewalls either side or just routers?
0
 
gsmith888Author Commented:
firewalls on my side and for the other side different flavors as they are partners
0
 
CITG_CarlCommented:
Obviously the first step is having either two routers at your spoke, or a device that can handle multiple internet lines.

Sonicwall has VPN settings which can detect a drop on a line, and migrate rules/vpns to the backup line. You would need the spoke endpoint sat ready to accept this connection mind

Cheers
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now