Questions

Is MPLS and IPsec failover possible on a firewall

+
0 Votes
Locked

bose_arin
I have one firewall on which I want to terminate my MPLS line and Internet leased line.
Between the two sites where I have MPLS, I also want to configure a site-to-site VPN, so that if my MPLS fails I am able to get connected using IPsec site-to-site, which will be a sort of failover. So please help me: can I do failover between MPLS and IPsec site-to-site VPN? At the two sites I have SonicWall firewalls.
  • +
    1 Votes
    robo_dev

    If the router/firewall can support multiple external interfaces, it can typically allow the WAN connection to fail over to a second interface.

    Of course, if there is an established IPsec VPN connection, I would expect that it would drop and have to be restarted over a different interface.

    There are two ways you could do the site-to-site VPN: one way is if each firewall/router has VPN support, and also is capable of having the VPN terminate into the secondary interface. The other way is to have a dedicated site-to-site VPN concentrator on each end of the link, and simply pass through the secondary firewall interface with that.

    Of course, if you have a leased line private data circuit, I don't see the benefit of using a VPN for that.

    +
    0 Votes
    bose_arin

    Thanks for your valuable answer, but I need a bit more detail on it. Firstly, I have one ILL (Internet leased line) terminated on one WAN port on the firewall. I have another MPLS line terminated on another port on the firewall. From the MPLS line I have connectivity to another branch location. At that branch I have another firewall installed, on which, apart from MPLS, I have another broadband connection with a static IP terminated on another WAN port.
    So my point is that through MPLS I can connect to my branch, but I also want to create a site-to-site IPsec VPN to that branch from my HO, so that if my MPLS fails it is automatically taken over by the IPsec VPN and the branch gets connected to my office (HO).

    So please let me know how this can be done. At both the HO and the branch office I use SonicWall UTM only; no other VPN devices are present on either side. This UTM has the VPN functionality itself, I mean site-to-site IPsec.
