network diagram


I have an existing Internet network with the following:

Internet <=> Sonicwall (with VPN, site to site) <=> LAN
Internet <=> Cisco PIX (with VPN, site to site) <=> LAN

I would like to have a redundant fail-over on the sonicwall and the firewall is capable of dual WAN. Please keep in mind that there will be VPN connections in the sonicwall. I'm thinking to set up the fail-over I would do something like this:

Internet <=> Sonicwall (with VPN, site to site) <=> LAN
Internet <=> Cisco PIX  (with VPN, site to site) <=> LAN

Basically the Sonicwall will use a secondary WAN link and using the WAN IP of in its secondary WAN link. Would the network know that they can use the VPN through Cisco PIX's VPN site to site?

Let me know your thoughts.
Blue Street Tech (Last Knight) Commented:
Hi gsmith888,

What is the model & firmware of your SonicWALL?

Are these two separate locations or are you using two firewalls at one location?

When you are talking about redundancy are you talking about HA (hardware fail-over) or Dual WAN fail-over and/or load balancing?
If you are talking about WAN fail-over and/or load balancing, follow these steps:
If you are talking about HA, follow these steps:

If the configuration is WAN Fail-over you can set up the VPN to use the active WAN connection.

Let me know if you have any questions!
gsmith888 (Author) Commented:
Would the SonicWALL route the VPN traffic to use the Cisco PIX, as the VPN connections are there?
Blue Street Tech (Last Knight) Commented:
I need more clarification on the questions I've asked above to understand how to answer you.

I don't know yet if the PIX is in a different location or the same as the SonicWALL.

I'm assuming they are in two different locations and the site-to-site is between the PIX and the SonicWALL.

If the SonicWALL has dual WAN fail-over set up then the tunnel would remain intact...obviously the non-failing WAN IP would just need to be used in order to connect to it.

Does that make sense?

gsmith888 (Author) Commented:

Good deal - both PIX and SonicWALL are in one location. I was concerned that SonicWALL wouldn't know where the VPN networks are, since they are configured on the Cisco PIX - I agree and think that Cisco PIX would route them through its VPN tunnels.
Blue Street Tech (Last Knight) Commented:
Great! Any other questions?
Blue Street Tech (Last Knight) Commented:
Have I answered all your questions?
gsmith888 (Author) Commented:
if you have time, since you are knowledgeable please take a look at
Blue Street Tech (Last Knight) Commented:
Sure, I'm hopping over there now.