Remote site redundancy with multiple ADSL lines connecting to datacentre via IPSEC VPN
We are looking into options for improving resiliency at our remote sites. At the moment, they typically have an 800 series router and single ADSL line at our remote branches, connecting to the headend ASA firewall in the datacentre via IPSEC VPN.
At some geographical locations, ADSL is really the only option (without spending a LOT of cash) so, although there are limitations to it, the only possibility may be to have a 2nd ADSL line at these locations via a 2nd ISP.
The question is, what would be the best/most cost-effective way of achieving resilience with 2 ADSL lines at our branches? The problem I can see is getting the headend ASA to "realise" when the primary ADSL connection is down and to use the secondary ADSL instead?
Maybe we could have e.g. a Cisco 1921 with 2 x ADSL WIC cards and select one of them as the "backup" interface, tracking the primary (then rely on Dead Peer Detection at the ASA with each peer defined in the crypto map)? Is that possible? If so, I guess the main issue with that would be that we would only have a single router so no hardware redundancy?
The other option might be simply to "double-up" and get another Cisco 800 series router and connect it to the 2nd ADSL line. I could see how we could use HSRP (tracking the primary router and ADSL line) to take care of the branch traffic. But, as above, we'd be left with the problem of how the headend ASA would "know" when the primary had failed (and/or when it came back up again?)
Any thoughts/suggestions on the best way of achieving resilience with 2 ADSL lines at a remote site and IPSEC VPN connectivity to a headend ASA?
Re: Remote site redundancy with multiple ADSL lines connecting t
One thing you should consider is path redundancy. Typically multiple ADSL providers will use the wire plant of the ILEC to deliver the circuits. So while you will wind up with multiple providers, you really will only improve your uptime if your existing provider is having internal issues. If your primary downtime is because of fallen trees or backhoes, you may be achieving very little.
If possible you should investigate cable modems. While path redundancy is still an issue, at least you will have separate headends for the devices to talk to.