Redundant VPN connection with Public WiFi

JimEBobE · ‎12-18-2017

I currently have an ISR at a remote location that connects via MetroE to our main site. It hosts phones and data at the remote site. I am wanting to add a second ISP at the site for redundancy that will create a VPN connection back to the main site. I also would like to use the redundant connection for WiFi at that location that will go straight out to the internet but not have access to the internal network. The router would perform dhcp and nat operations. Would anyone have any examples on how this could be done?

JimEBobE · ‎12-19-2017

I'm assuming I will need a VRF but not sure if I need 2. One for Guest side and one for Internet facing side. If two are needed how would the VPN access the Internet facing VRF?

Richard Burts · ‎12-20-2017

If we knew more about how your ISR router was set up we might be able to give you better advice. With the MetroE are the phones and data seen as a local subnet to HQ or are they remote subnets to HQ and the MetroE is used as a routed link? Also is the wireless at the remote set up as a separate vlan and separate subnet?

How to use the new ISP connection as a backup for the MetroE would depend on how the ISR was set up.

If the wireless is a separate vlan and separate subnet then I would think that you could use Policy Based Routing to send the wireless traffic directly to the new ISP connection. Note that it might need some additional access list configuration to prevent the new ISP interface from routing wireless traffic to the HQ subnets.

HTH

Rick

HTH

Rick