Basically, I am helping in the design of a bank network which consists of an HQ, branches accessing the HQ to update some information, and a backup site which is supposed to automatically take over in case of an HQ link failure.
Bank users (branches) basically connect to the HQ through a VPN client (SSL or VPN) and land on the ASA at the HQ.
A failover policy is put in place so that when there is a problem with the link to the HQ, the backup link must take over and, because EIGRP is running, all the users (in the branches) should be transparently redirected to the backup site (how do I implement this in the SSL VPN client?).
- That explains why I am running EIGRP, but I am still thinking about a way to fix the automatic failover.
- Do you have any hints where I might find some configs and design architectures of this kind?
How will your failover work? Say from a branch you have a dedicated link to the HQ site acting as the primary link. Will you have another link from that branch as well, as a backup going to the HQ as well? So from a single branch you have 2 links, one active and the other standby? Or are the branches in a full mesh topology?
With the ASAs you can have an SSL VPN active/standby failover scenario. For example, bank users connecting to the HQ site via SSL VPN will connect to the active ASA and then have a standby ASA to fail over to.
Yes, you're right. There is a backup link to the backup site where the users get connected in case of a link failure.
I need to have a way to perform this failover on the VPN soft client from the branch side. The 2 links will be in an active/standby mode.
I have just started to look for a solution to implement this, and the network diagram, to be honest, is still fuzzy in my head. I hope I can find an implementation of this that has already been done somewhere, and I will have to look into the equipment.