We help IT Professionals succeed at work.

VPN failover on switch or on FW

144 Views
Last Modified: 2014-12-18
I need feedback on the preference to implement VPN failover on a layer 3 switch or on a FW. Basically, I will have a layer 3 switch connecting to a primary MPLS connection and the Internet as the VPN backup. My question is which scenario is best practice: 1 or 2 (see below)

scenario 1:
internet<-->fw<-->3560x<-->internal
                                |
                              MPLS CE router

scenario 2:
internet<-->fw<-->3560x<-->internal
                     |
            MPLS CE router
Comment
Watch Question

CERTIFIED EXPERT

Commented:
What is your FW? Where is the VPN configured? I would go with the FW handling your VPN failover.
leblancAccounting

Author

Commented:
I am still shopping for FWs. But it will be between a Fortinet and a Juniper. So if i understanding correctly, scenario 2 is the prefer way? Thanks
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
leblancAccounting

Author

Commented:
So your ASA is connecting to the main WAN connection and the Internet connection and from the L3 switch, you just have a default route pointed to the ASA. Correct?
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT

Commented:
Thanks for the grade. Good luck.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.