[vpn] Restoral of site-to-site VPN links
Dante Mercurio
dmercurio at ccgsecurity.com
Tue Feb 26 12:50:46 EST 2002
One solution is a product made by RadWare called LinkProof. It allows
you to have dissimilar Internet connections, and can fail-over and/or
load balance them too. We've got one customer with 2 DSL (don't ask my
why) and 1 T1 link to the Internet, and a Radware linkproof allows them
to use all the bandwidth, and their mobile client VPN's fail over if
necessary. Because each connection uses it's own set of IP's, however,
site-to-site VPN's must be connected by DNS name, and not IP. Many
firewalls don't support this. In addition, your mobile VPN client must
have a gateway fail-over capability. Most do.
M. Dante Mercurio, CCNA, MCSE+I, CCSA
Consulting Services Manager
Continental Consulting Group, LLC
www.ccgsecurity.com <http://www.ccgsecurity.com>
dmercurio at ccgsecurity.com <mailto:dmercurio at ccgsecurity.com>
> -----Original Message-----
> From: Joel M Snyder [mailto:Joel.Snyder at Opus1.COM]
> Sent: Monday, February 25, 2002 6:09 PM
> To: Slaby, James
> Cc: 'vpn at securityfocus.com'
> Subject: Re: [vpn] Restoral of site-to-site VPN links
>
>
> >Is anyone using anything besides bonded POTS links or ISDN
> to restore
> >Internet connectivity, and thereby an IPsec site-to-site
> tunnel, in the
> >event that the primary ISP connection (be it frame relay, T-carrier,
> >cable, DSL, or whatever) fails?
>
> Yes. We have a couple of clients using FR backup. If the
> primary ISP connection fails, then they flop over to a FR PVC
> which has been sitting idle.
> Given the cost of such a connection, it's awfully cheap to
> add a PVC. We also have clients using Internet+IPSEC as a
> backup for private line/FR outage.
>
> Why do you ask? It's not hard to configure; the difficult
> part is getting the routing right around the failure.
> However, most good VPN boxes will talk some routing protocol.
> A few, like Lucent/Xedia & Cisco, see the tunnel as an
> interface which can have an up/down state, which is even better.
>
> jms
>
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Phone: +1 520 324 0494 x101 (v) +1 520 324 0495 (FAX)
> jms at Opus1.COM http://www.opus1.com/jms Opus One
>
> VPN is sponsored by SecurityFocus.com
>
>
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list