cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
205
Views
0
Helpful
5
Replies

Site to Site VPN Design Question

dcanady55
Level 3
Level 3

Hello,

FTD 2110 running 7.4.1.1

I am wondering if the following is possible:

Current setup:

  • Datacenter A has two FTDs in HA with an existing internet connection.
  • Datacenter B has two FTDs in HA with an existing internet connection.

We already have failover if Datacenter A goes down and we need to use Datacenter B’s internet. However, we have a lot of resources at Datacenter A that users need when Datacenter A goes down. Is it possible to bring in another internet connection at Datacenter A and create a site-to-site VPN tunnel between the FTDs at Datacenter A and Datacenter B? If Datacenter A goes down, traffic would route to Datacenter B for internet access, but if users need to access local resources, we could send them across the site-to-site tunnel. I’ve created a site-to-site VPN between Datacenter A and Datacenter B before, testing out other ideas, but I was using those locations’ existing outside interface and internet.

Thanks for any feedback

1 Accepted Solution

Accepted Solutions

@dcanady55 yes you could configure a VPN between DC A and DC B, user traffic is routed from the branches to DC B and onwards to DC A via the other VPN.

View solution in original post

5 Replies 5

@dcanady55 yes you could configure a VPN between DC A and DC B, user traffic is routed from the branches to DC B and onwards to DC A via the other VPN.

Thanks Rob. I will accept this as a solution and if I have any issues will report back on this thread for others to learn. 

How if DC-A down the VPN still UP?

You need DC interconnect and not need VPN to make traffic from DC-A forward to DC-B

MHM

I could be misinterpreting your question MHM but the overall location A fine but if our internet goes down the WAN also goes down as there riding the same fiber. In so, instead of enacting a full-blown DR failover at B if it's only going to be a few hours it might be easier for us to bring in a cheap internet connection into A using another provider and then run this site to site from B to A so that users can get to those local resources at A. Sounds like that's doable according to Rob so thanks for the feedback.

 

So you will have second ISP in each site' and that solve issue not VPN.

MHM