Redundant VPN Solutions
Chris Carlson
carlsonmail at YAHOO.COM
Mon Jan 15 20:03:16 EST 2001
Dante,
It depends on what you want redundant. Do you want
the Internet lines redundant, or the VPN device(s), or
both?
It's possible to have a single VPN device behind an
Internet access router running BGP4 to connect two
Internet lines together. If one line goes down, the
other takes over and the VPN device doesn't change!
This still makes a single point of failure at the
router and VPN devices, but most connectivity issues
is with failed Internet lines, not with the equipment
(in my experience).
If you want the VPN device itself to failover, you
have two options:
1) Look at VPN devices that failover (Cisco 5000,
Nortel Contivity, Check Point VPN-1, etc.)
2) Use a failover device between two VPN devices that
don't failover. Network Computing had a good article
on this; it's a good starting point.
http://www.networkcomputing.com/1102/1102ws1.html
Good luck!
Chris
--
--- Dante Mercurio <dmercurio at CCGSECURITY.COM> wrote:
> Has anyone had any experience with a redundant VPN
> solution with automatic
> failover? Comments on ease of install, managability,
> cost, etc.
>
> Essentially, we want two ties to the Internet, and
> want a VPN session to
> rollover to the second line in case one Internet
> line fails.
>
> Thanks,
> Dante
>
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list