Router Solution for Failover VPN over 2 ISPs

ciprian198716 · ‎02-01-2018

Hello everyone. I have the following setup:

Location A with ISP1 and ISP2

Location B with ISP1 and ISP2

Site to Site VPN from location A to Location B.

I need to balance traffic over the 2 VPN connections, and if any of the 4 ISPs fail, the remaining connection should carry all the traffic UNTIL the connection is restored..

What type of routers do you recommend for this scenario? (best performance and best price).

Thank you.

Georg Pauwen · ‎02-01-2018

Hello,

you have a lot of options, but it obviously depends on the size of your network, and your budget. At the low end, you could have a look at the RV042 Dual WAN VPN router.

At the high end, you could consider a stateful IPSec failover solution, which requires two routers at each site. The 3845 routers with encryption modules would be one option. There are various ISR models which support various encryption modules. Have a look at the link below, scroll down to the section 'Restrictions for Stateful Failover for IPsec'.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpn-availability-15-mt-book/sec-state-fail-ipsec.html#GUID-12B9F69D-EE16-4CB6-81DD-427E9A2AC014

Joseph W. Doherty · ‎02-01-2018

What's the maximum bandwidth across ISP1 and ISP2?

Will location A and B have only one router connecting to both ISPs, or a router dedicated to each ISP?

ciprian198716 · ‎02-06-2018

I would preffer one router per location, connecting to both ISPs. Both will provide 100 Mbps guaranteed.

Joseph W. Doherty · ‎02-07-2018

Ok, then you want a router that can provide 400 to 500 Mbps of forwarding capacity. The middle to high-end of the 4K ISRs are suitable routers. Likely there may be something in Cisco's SMB line of routers too, also likely less expensive, but I'm unfamiliar with those.