  • Status: Solved
  • Priority: Medium
  • Security: Public

VPN failover on switch or on FW

I need feedback on the preference to implement VPN failover on a layer 3 switch or on a FW. Basically, I will have a layer 3 switch connecting to a primary MPLS connection and the Internet as the VPN backup. My question is which scenario is best practice: 1 or 2 (see below)?

scenario 1:
internet<-->fw<-->3560x<-->internal
                                |
                              MPLS CE router

scenario 2:
internet<-->fw<-->3560x<-->internal
                     |
            MPLS CE router
leblanc
Asked:
2 Solutions
 
netcmh Commented:
What is your FW? Where is the VPN configured? I would go with the FW handling your VPN failover.
 
leblanc (Accounting, Author) Commented:
I am still shopping for FWs. But it will be between a Fortinet and a Juniper. So if I understand correctly, scenario 2 is the preferred way? Thanks.
 
netcmh Commented:
I have an ASA then a FG then my L3. I can do a VPN split on either the ASA or the FG. I'd choose the ASA as it's efficient and designed to handle a variety of VPNs.
 
leblanc (Accounting, Author) Commented:
So your ASA is connecting to the main WAN connection and the Internet connection and from the L3 switch, you just have a default route pointed to the ASA. Correct?
 
netcmh Commented:
Correct. The default route is pointed to the ASA.
 
netcmh Commented:
Thanks for the grade. Good luck.