Remote site redundancy with multiple ADSL lines connecting to datacentre via IPSEC VPN
We are looking into options for improving resiliency at our remote sites. At the moment, they typically have an 800 series router and single ADSL line at our remote branches, connecting to the headend ASA firewall in the datacentre via IPSEC VPN.
At some geographical locations, ADSL is really the only option (without spending a LOT of cash) so, although there are limitations to it, the only possibility may be to have a 2nd ADSL line at these locations via a 2nd ISP.
The question is, what would be the best/most cost-effective way of achieving resilience with 2 ADSL lines at our branches? The problem I can see is getting the headend ASA to "realise" when the primary ADSL connection is down and to use the secondary ADSL instead?
Maybe we could have e.g. a Cisco 1921 with 2 x ADSL WIC cards and select one of them as the "backup" interface, tracking the primary (then rely on Dead Peer Detection at the ASA with each peer defined in the crypto map)? Is that possible? If so, I guess the main issue with that would be that we would only have a single router so no hardware redundancy?
The other option might be simply to "double-up" and get another Cisco 800 series router and connect it to the 2nd ADSL line. I could see how we could use HSRP (tracking the primary router and ADSL line) to take care of the branch traffic. But, as above, we'd be left with the problem of how the headend ASA would "know" when the primary had failed (and/or when it came back up again?)
Any thoughts/suggestions on best way of achieving resilience with 2 ADSL lines at a remote site and IPSEC VPN connectivity to a headend ASA?
One thing you should consider is path redundancy. Typically multiple ADSL providers will use the wire plant of the ILEC to deliver the circuits. So while you will wind up with multiple providers, you really will only improve your uptime if your existing provider is having internal issues. If your primary downtime is because of fallen trees or backhoes, you may be achieving very little.
If possible you should investigate cable modems. While path redundancy is still an issue, at least you will have separate headends for the devices to talk to.