[vpn] VPN and backup access

Stephen Hope Stephen.Hope at energis.com
Mon May 27 12:31:29 EDT 2002 

Franco,

Since the whole point of backup is that it works when the main link doesn't
- why dial the Internet at all?

Just dial straight to a backup ISDN router at a main site - that way you can
use conventional private network ISDN security such as CHAP, and your ISDN
routers can sit on the private network.

If you have the right tools such as VRRP or a routing protocol, this will
protect you against Internet failure, access line and Netscreen.

Regards

Stephen

-----Original Message-----
From:	Franco Sabaris, Javier [mailto:jfranco at mundo-R.net]
Sent:	Monday, May 27, 2002 8:23 AM
To:	'VPN at securityfocus.com'
Subject:	[vpn] VPN and backup access

> Hi!
> 
> I'm trying to build a low cost hardware VPN, designed for very small
> branch
> offices. I want it to be reliable and flexible. I will be using broadband
> acceses: ADSL and cable will be working together in the same VPN,
> depending
> on the availability.
> 
> As VPN box, I find Netscreen is very convenient, specially the smallest
> device, the 5xp. I have tested it and it works ok.
> 
> Now I would like to improve the VPN by adding a backup access in each
> branch
> office. A ISDN dial-up access to the Internet would be great. Up to now, I
> can do that manually, if I configure the Netscreen to work with a
> dinamically assigned IP:
> 
> - Main access is a cable access
> - Backup access is an ISDN access with an ISDN router configured with
> static
> NAT, acting as DHCP server for the Netscreen device.
> 
> In case of faliure of the broadband access, I manually take the Ethernet
> cable from the broadband modem, and plug it in the ISDN router. The
> Netscreen gets the new (private but statically NATted) IP and sets up the
> tunnel again.
> 
> I would like to have a system that performs this task automatically. Since
> the Netscreen doesn't have a ISDN interface, the chances are:
> 
> a) A new VPN box that already has an ISDN interface (I've seen Netopia
> routers).
> b) Another box, that would be placed between the Netscreen and the
> broadband
> modem. That box would have two Ethernet interfaces, and one ISDN
> interface.
> In case of comunication faliure through the extern LAN interface, it would
> use the dial-up interface to gain access to the Internet; when the
> broadband
> connectivity is restored, it would have to close the dial-up connection.
> 
> Does anybody know about boxes like a) and b)? Do they work properly?
> 
> 
> Saúdos,
> Xavo
> 
> 
> 
> 
> 
> 
> 

VPN is sponsored by SecurityFocus.com


********************************************************************************************************
This e-mail is from Energis plc, 50 Victoria Embankment, London, EC4Y 0DE, United 
Kingdom, No: 2630471.

This e-mail is confidential to the addressee and may be privileged. The views 
expressed are personal and do not necessarily reflect those of Energis. If you are not 
the intended recipient please notify the sender immediately by calling our switchboard on 
+44 (0) 20 7206 5555 and do not disclose to another person or use, copy or forward 
all or any of it in any form.

********************************************************************************************************


VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list