Re: VPN Failover -

From: Jay McMickle <jay.mcmickle_at_yahoo.com>
Date: Mon, 16 Apr 2012 06:05:23 -0500

Good question.

I would say regardless of the platform, you would need 3 interfaces. 2 to the Internet and one to the LAN. You didn't mention much of a LAN redundancy, so I'll focus on what you did set as requirements.

For RA, given this is a Cisco device, the failover for VPN can be done within IPSEC client by setting a backup location. Set the ISP as the VPN destination and the second ISP in the backup tab.

For Internet, using BGP you could set the weight for the preferred provider for outbound traffic. Inbound from both carriers would still work, but you may not get the preferred path if inbound traffic comes in on the backup ISP block of IP's.

For the VPN tunnel, this should work as-is due to the ACL's for the interesting traffic. This is given that you device is the gateway for the LAN traffic.

Let us know if you have further questions.

Regards,
Jay McMickle- CCNP,CCSP,CCDP
Sent from iJay

On Apr 15, 2012, at 6:13 PM, Vishal Rane <vishal.rane_at_hotmail.co.in> wrote:

> ******************************
> Format messed up, reloading again
> ********************************
>
>
> Is it possible to set up Two IPSEC tunnel with different service provider &
> Remote Access on a single Router.
>
> Router Model 2811 with VPN Encryption module
>
> (1) Remote Access for Mobile users accessing application from out of office
>
> (2) Two IPSEC tunnel from different provider to the same Destination
>
> (3) Internet Access for LAN users
>
>
> Service Provider 1 - > 10MB Internet Pipe , public ip range /29
> Service Provider 2 - > 5 MB Internet Pipe , public ip range /30
>
>
> Trying to achieve
>
>
> (a) Set Service Provider 1 pipe for Primary IPSEC VPN and RA + Backup for
> Internet Access for LAN Users
>
>
> (b) Set Service Provider 2 pipe for Primary Internet Access for LAN Users +
> Backup for IPSEC VPN and RA
>
>
>
> Hope to get some positive response
>
>
> Best Wishes
> Vishal
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Apr 16 2012 - 06:05:23 ART

This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:45 ART