Redundant VPN tunnels. Architecture ideas?
- From: toby.mclaughlin@xxxxxxxxx
- Date: 26 Mar 2007 18:13:33 -0700
We have a central site hosting an ERP application and several remote
sites connecting over IPSEC tunnels. Each site uses a unique private
class C subnet and a router providing NAT and IPSEC. By using multiple
ISPs at each site, we would like to build an architecture that:
1. Keeps telnet traffic to/from the ERP host running at low latency,
even under heavy network/VPN load
2. Provides redundancy for the VPN connections, so that we can lose
an ISP connection at any site and still provide access to the ERP
through an IPSEC tunnel
Point 1 sounds like a solution using traffic shaping, but can I
effectively shape traffic within the IPSEC tunnel (so that, say, SMB
over IPSEC won't kill telnet over the same tunnel)?
Point 2 sounds quite tricky, and I'd love any suggestions people have
about doing highly available VPN tunnels.
Currently, our network looks like this (only one remote site shown):
                 Main Site                    Remote Site
192.168.0.2  +---------------+             +---------------+  192.168.30.2
192.168.0.3--|NAT/VPN router +--INTERNET--+|NAT/VPN router |--192.168.30.3
192.168.0.4  +------+--------+             +-------+-------+  192.168.30.4
                    |                              |
                    +-----------IPSEC--------------+
Many thanks,
Toby.