Hybrid WAN implementing VPN

Stephen Hope shope at energis-eis.co.uk
Tue Jul 17 15:49:44 EDT 2001


Patrick,

cant help directly, but i can give you some encouragement - it is feasible
within a routed network.

we have done this for low priority traffic using a UK -US link with backup
via satellite.

what we did was build a "pure" routed link with the satellite costed so it
was not the preferred path. We then used traffic filter to select the stuff
we wanted diverted (printer spool and mail server to server stuff in our
case). 

If the VPN tunnel terminates on the router with the traffic filters, then
the filter can be sensitive to "next hop" being available - that way the 2
links back each other up under fault conditions. Or, you can set up the
filterss to break the low priority stuff when the VPN is down...

i suggest you look at a router based VPN - you are going to want to have a
routing protocol and traffic filtersto control routes and fallback under
fault conditions - static routes on the VPN gateway type systems will make
your immplementation more difficult.

regards

Stephen

Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189


> -----Original Message-----
> From: Patrick.Bryan at abbott.com [mailto:Patrick.Bryan at abbott.com]
> Sent: 17 July 2001 17:36
> To: vpn at securityfocus.com
> Subject: Hybrid WAN implementing VPN
> 
> 
> Has anyone considered and or successfuly implemented a Hybrid 
> WAN making using
> of a VPN for non time sensitive / non critical data? For 
> example, you have
> frame links between sites A, B, and C. Rather than increase 
> bandwith between
> sites, it seems to me that I can route secondary types of traffic over
> Lan-to-Lan VPN links. Using ftp as an example, it seems I 
> would be able to set
> an input filter on my routers to forward any ftp traffic to 
> VPN boxes at each
> site. The issue I am trying to overcome, is that this creates 
> a loop between
> the router and the VPN engine. Am I way off here?
> 
> 
> VPN is sponsored by SecurityFocus.com
> 

VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list