I've attached a quick Visio for reference. I'm designing a new Layer 2 WAN with 2 ASR routers, 2 3845s and 2 1941s and hoping to get some insight on a few questions.
Obviously the goal is to follow best practices and have full redundancy on the network. I know functionality-wise I can place the Key Servers on the WAN or behind a GM on the LAN; I'm just looking for some insight on what other folks think is the best plan.
My questions are:
- Since I have a redundant link, should I place my Key Servers on the LAN instead of the WAN so there is a secondary path for them to stay in sync if the L2 WAN goes down?
- If I want to encrypt traffic across the P2P fiber link, does it make more sense for the Key Servers to reside on the LAN instead of the WAN?
- If the provider is only handing off 1 Ethernet connection at the Core site, and the Key Server will live on the WAN, how should I handle splitting this connection to both the ASR and the Key Server? Should I use an external switch, or bridge interfaces on the ASR? Or is this just another good reason to place the Key Servers on the LAN?
Thanks for the help.