10-24-2007 05:47 AM - edited 03-09-2019 07:05 PM
Hello!
Can anyone give me a hint as to what hardware and technology have to be used to set up a connection from a central site to a remote site? On both sites there are two different ISPs with different bandwidths and reliability. Therefore load balancing should be achieved regarding the tunnels. Other features which are requested are:
- policy based routing for users on the central site (group 1 should use ISP one and group 2 should use the other one with fallback if one of the ISPs fails)
- terminating of remote access VPNs on the central site (possible on both ISP connections)
- the remote site should have direct internet access by split tunneling
- a DMZ interface for future use on the central site should also be provided
The customer already has an ASA5510 but it is not configured yet. Can this device be used for the setup in such a way?
Any feedback is appreciated.
Kind regards!
10-30-2007 09:29 AM
If you are going to add an E3 connection to an ISP, the router recommendation will obviously change to a 7200. There are many options for load balancing methods utilizing BGP for a dual-connectivity setup, so we may want to go through these when the time comes. We can use BGP metrics to force user traffic out a different link than the Web Banking traffic, such as AS path prepending.
10-30-2007 11:24 PM
You can use ASAs for frontend IPsec tunneling between sites and 2800/3800 series routers for backend GRE tunneling.
ASAs can also take care of VPN client access and even firewalling services.
This way you can enjoy the strong security of the ASAs and the great flexibility of IOS.
Bye,
Max.