Solved

vpn site to site redundancy

Posted on 2013-05-24
5
515 Views
Last Modified: 2013-05-26
Experts,

Trying to understand if it is possible to have two ISP to have a redundancy on a VPN site-to-site connection? If so, what are the technology to be use and hardware components?


Cheers!
0
Comment
Question by:gsmith888
5 Comments
 
LVL 17

Accepted Solution

by:
xtermie earned 200 total points
ID: 39193843
An interesting case is presented here:
http://networkology.net/2013/03/08/site-to-site-vpn-with-dual-isp-for-backup-redundancy/

while an interesting discussion about the same issue here:
https://supportforums.cisco.com/thread/2086955

and an answer to a similar question to yours here:
http://forums.juniper.net/t5/SRX-Services-Gateway/Question-about-site-to-site-vpn-with-two-ISP-on-every-site/td-p/127689

Hope these will help you out!
0
 
LVL 3

Assisted Solution

by:corower
corower earned 150 total points
ID: 39193944
simple answer is "yes, it is possible".
basically, to have full redundancy, both VPN endpoints should have two connections, and then you might use some kind of bonding to get that required level of redundancy (and, probably higher throughput). there definately is a solution for unix boxes (althou, you will need some handwork configuring). if you want to have something like pre-configured appliance, look for Mushroom Networks solutions, maybe something will fit you.

if you're tight with budget - look for MikroTik (either hardware or just software), in their manual there is a described solution exactly for creating several VPNs using two (or more) ISPs for redundancy.
0
 
LVL 3

Expert Comment

by:CITG_Carl
ID: 39194134
What are your current VPN endpoints? Are you using firewalls either side or just routers?
0
 

Author Comment

by:gsmith888
ID: 39194160
firewalls on my side and for the other side different flavors as they are partners
0
 
LVL 3

Assisted Solution

by:CITG_Carl
CITG_Carl earned 150 total points
ID: 39194167
Obviously the first step is having either two routers at your spoke, or a device that can handle multiple internet lines.

Sonicwall has VPN settings which can detect a drop on a line, and migrate rules/vpns to the backup line. You would need the spoke endpoint sat ready to accept this connection mind

Cheers
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Network Config 9 59
How to setup PLEX PLUS on 2 computers 2 15
EIGRP Bandwidth 2 13
Cisco CUCM 10.5: password recovery 2 11
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now