Site to Site VPN - Firewall vs Router
Posted on 2013-11-24
I need some advice on configuring site to site VPN tunnel between our datacenter and a remote office.
We currently have Fortinet firewalls on all of our remote offices including the datacenter and already configured a few IPSec VPN tunnels between the datacenter and a small offices that are not connected to our MPLS network.
In this senario, I have a remote office which has MPLS and seperate Internet circuit and I want to create a backup route in case the MPLS at this remote office goes down.
My question is that which will be the best way to configure VPN as a backup route.
First one is to configure the VPN between the two firewalls from/to datacenter and the remote office. This will utilize the internet circuit from both locations and all the routing will be handled by the firewalls in between the MPLS sites through the datacenter.
Second one is to configure IPSec VPN between the Datacenter MPLS router and remote office internet router using BGP for the routing between all MPLS networks. The datacenter has Cisco 1921 and the remote office has Cisco 891.
I would like to go with the second option but I wanted to ask for your opinion on this.