Replacing VPN between 2 sites with dark fiber.

I currently have 2 sites, each with their own ISP. I have Sonicwall NSA 210s at each end connected with VPN. I am in the process of getting a fiber connection between these 2 sites. What is the best way to reconfigure VPN, routing, IPs, etc. to make this work while each site uses their own ISP for internet?

Site A 10.0.0.x
SN: 255.255.225.0
PDC resides
All servers that Site A and B use resides here.
Local ISP1

Site B 10.0.10.x
SN: 255.255.225.0
Remote Site DC resides
Local ISP2
Dennis Janson, IT Manager, Asked:

Dan Craciun, IT Consultant, Commented:
I haven't worked with Sonicwalls, but on Cisco ASA or RV the VPN site-to-site is by default only used for internal addresses, meaning all internet traffic will go to the local ISP.
You need to specifically add routes to change this behavior.

HTH,
Dan
Dennis Janson, IT Manager, Author Commented:
It just may be that easy with Sonicwall as well. I will definitely try that first when I get set up. However, I am not clear on what I need to enter for VPN Primary gateway on each end when it's no longer the Public IP from each ISP, or where to physically plug in the Dark fiber cable for proper setup.
Dan Craciun, IT Consultant, Commented:
If the connection is point-to-point, do you still need VPN?
Just define a new network (10.10.10.1 and 10.10.10.2 for example) for the ends and add a route for internal traffic.
Dennis Janson, IT Manager, Author Commented:
Dan,
That was another option I thought was feasible. In this case, to create this route do I need to assign a LAN port on my SonicWall to be another LAN zone or LAN2? I may have an issue with not enough port assignments available because I have a 2nd ISP at each site for failover as well.
Dan Craciun, IT Consultant, Commented:
Again, I don't know on a Sonicwall.

On an ASA I would create a new zone, inside2, with a single port as member, then create a route between inside and inside2.

I guess it's the same as the LAN zone on the Sonicwall.
Dennis Janson, IT Manager, Author Commented:
Very similar I imagine. Also I would think that the static routing would perform better over the VPN option.

Thanks.
Dan Craciun, IT Consultant, Commented:
Yup. But you lose encryption. You need to check if the connection is really private.
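
The static-route layout suggested in this thread, as an added example (not code from any participant and not SonicWall configuration): it models each site's route table and shows what longest-prefix match does with inter-site and internet traffic, including when the unencrypted fiber link is down. The /24 prefix lengths, the /30 transit network, the 10.0.0.0/8 drop route and the sample host addresses are assumptions.

```python
import ipaddress

# LAN prefixes from the post, read as /24 (assumption); the /30 transit
# network around 10.10.10.1 and 10.10.10.2 is also an assumption.
SITE_A = ipaddress.ip_network("10.0.0.0/24")
SITE_B = ipaddress.ip_network("10.0.10.0/24")
TRANSIT = ipaddress.ip_interface("10.10.10.1/30").network
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def plan_is_consistent():
    """The transit subnet must not overlap either LAN, and the LANs must differ."""
    nets = [SITE_A, SITE_B, TRANSIT]
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def site_routes(local, remote, isp, fiber_up=True, drop_fallback=False):
    """Hypothetical route table for one site as (destination, egress) pairs."""
    routes = [(local, "LAN"), (DEFAULT, isp)]
    if fiber_up:
        # Static route for the other site's LAN via the fiber peer address.
        # Assumption: the firewall withdraws it when the fiber port is down.
        routes += [(TRANSIT, "FIBER"), (remote, "FIBER")]
    if drop_fallback:
        # Less specific than the /24, so it only matters once the /24 is gone.
        routes.append((ipaddress.ip_network("10.0.0.0/8"), "DROP"))
    return routes


def egress(routes, dst):
    """Longest-prefix match, as a router would select the route."""
    addr = ipaddress.ip_address(dst)
    return max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)[1]


if __name__ == "__main__":
    # Constructed sample destinations: a Site B host and a public address.
    a = site_routes(SITE_A, SITE_B, "ISP1")
    print(plan_is_consistent())
    print(egress(a, "10.0.10.25"), egress(a, "203.0.113.10"))
    a_down = site_routes(SITE_A, SITE_B, "ISP1", fiber_up=False)
    print(egress(a_down, "10.0.10.25"))  # falls through to the ISP default route
    a_safe = site_routes(SITE_A, SITE_B, "ISP1", fiber_up=False, drop_fallback=True)
    print(egress(a_safe, "10.0.10.25"))
```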
