PDA

View Full Version : ISP Redundancy with VPN Site to Site



rmaestrali
2011-04-06, 10:39
Hello friend
here is my infra, Im using ISP Redundancy and all of services are working fine when one ISP is down, the other one handle the traffic. But one thing is not working, VPN Site to Site.

I have a VPN site to Site with a partner using my default IP with the partner default IP. When I loose my default ISP, my firewall changes to the 2nd IP but I have to ask to my partner to change the rule base and put my 2nd IP into the rulebase.
Something like thys:
ISP 1 => 200.244.X.1 ----V P N------200.187.x.1
ISP 2 => 186.215.X.1

PS.: My partner has only 1 ISP

Questions:
. Is there a way to create an automatic tunnel in this case ?
. Is there a way to create an Interoperable object with my 2nd ISP?
. Is there a way to put an 2nd gateway in the rule base (not using MEP)?

All I need is to create an 2nd tunnel for this contingency.

Tks in advance

mcnallym
2011-04-08, 03:40
The problem isn't at your end.

This would not require changes at your end, as you already know about the far end and when they point the connection to the 2nd ISP at your end then it works. As such your configuration does not need to change, it is the partners configuration that changes and how to do that will depend upon what vendor of vpn gateway that they use. Maybe called 2nd Gateway or Backup Gateway.