Thread: Check Point VPN design
View Single Post
  #1 (permalink)  
Old 2008-04-20
Testing-123 Testing-123 is offline
Member
  
Join Date: 2007-07-27
Posts: 93
Rep Power: 2
Testing-123 has an average reputation (10+)
Default Check Point VPN design
Hi All,

I'm going DR crazy and looking at ways to implement DR across our two main data offices in London :-)

Site A and B in London both have an internet pipe of equal size. We have a Check Point VPN cluster in site A and I’m considering purchasing a Check Point VPN cluster for site B. The cluster is serving as an IPSEC endpoint for remote users and sites. Both site A and B have a 2 GIG internal between them. Currently when site A's Internet link fails our dynamic routing advertises our site A addresses from site B's internet router and we just route site A addresses through B to get to A. This model works fine.

However, i'm trying to convince myself we need a VPN terminating device at site B too but i like the model we currently use as it works well :-)

I'm curious as to how others have implemented VPN resiliency across their sites?

Any views, suggestions on this?

I personally do not see the benefit unless you would want to split load across the two sites or did not have an internal link between two of your sites.

Cheers
Testing-123
Reply With Quote