[c-nsp] Best solution for WAN backup
C. Jon Larsen
jlarsen at richweb.com
Thu May 26 14:28:39 EDT 2011
On Thu, 26 May 2011, Scott Voll wrote:
> I have a Metro Ethernet connection to all my sites but they are all hub and
> spoke. if I lose a link that site goes down.
>
> I have basic ISP service available at each of my remote sites and would like
> to setup a backup link over a VPN connection. I talked to someone, and I
> can't remember what they said. I thought about ASA's but they said using a
> router with VPN service was a better option. Can anyone tell me what they
> were talking about? they said with the routers you have better options for
> Routing.
Use gre tunnels + bgp routing + ipsec if you need crypto
Dynamic routing is needed for proper failover, the ASAs will not handle
this well at all due to their inability to route packets or handle gre
tunnels or basically do anything that an actual router can do.
If you have routers in place that dont have the horsepower or feature
set to do crypto, you can use ASAs to ipsec tunnel the gre tunnel but its
much cleaner to be able to use the crypto map right on the tunnel
interface on your router.
cisco 1941s work well for this.
> TIA
>
> Scott
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> This message has been scanned for viruses and
> dangerous content by the ipengines.net MailScanner, and is
> believed to be clean.
>
>
>
More information about the cisco-nsp
mailing list