- vpn fall over
PDA

View Full Version : vpn fall over

sam
07-24-2004, 09:53 PM
Hello,

Below is my problem and one solution that's been suggested. We are not
sure if it will work so any suggestions or idea would be most welcome.

We have two sites: our call center, and our data center, and between
them we have a VPN. Sometime our VPN goes down for one reason or
another. We would like to have an automatic fall-over when this
happens to a secondary VPN (whose red adapter is connected to a
different ISP).

So we set up two almost identical VPNs between the two subnets. We now
add two routes for the *other* network to each machine on each
network. We set the primary VPNs' gateways' route to have a lower
metric than the secondary VPNs' gateways' route.

Now when the primary VPN goes down what happens? Do the packets that
fail to reach the destination get routered to the secondary gateway ?
Do the packets that are in reply to these packets get routed to the
secondary gateway?

Are we going about this all wrong ? Is there an easy way to have
redundant VPN's ?

All your thoughts welcome.

Sam Owen
Mattias Honrendgard
07-24-2004, 09:54 PM
westernsam@hotmail.com (sam) wrote in message news:<292c8da4.0310090720.ab8d6f5@posting.google.com>...
> Hello,
>
> Below is my problem and one solution that's been suggested. We are not
> sure if it will work so any suggestions or idea would be most welcome.
>
> We have two sites: our call center, and our data center, and between
> them we have a VPN. Sometime our VPN goes down for one reason or
> another. We would like to have an automatic fall-over when this
> happens to a secondary VPN (whose red adapter is connected to a
> different ISP).
>
> So we set up two almost identical VPNs between the two subnets. We now
> add two routes for the *other* network to each machine on each
> network. We set the primary VPNs' gateways' route to have a lower
> metric than the secondary VPNs' gateways' route.
>
> Now when the primary VPN goes down what happens? Do the packets that
> fail to reach the destination get routered to the secondary gateway ?
> Do the packets that are in reply to these packets get routed to the
> secondary gateway?
>
> Are we going about this all wrong ? Is there an easy way to have
> redundant VPN's ?
>
> All your thoughts welcome.
>
> Sam Owen

Woah. WHAT. Your VPN goes down "for one reason or another"? Sorry, but
I'd look at tackling THAT issue personally.

If you want failover either build a cluster or use a load balancer.