Internet-based WAN Backup Solutions using NetVanta
The Internet as an Alternative
61200890L1-29.4A
Copyright © 2005 ADTRAN, Inc.
3
Solution 1 - Primary = Frame Relay Service Provider, Alternate = ISP via Dial-up
In this scenario (see Figure 1), a Frame Relay service provider supplies the Frame Relay access line and
virtual circuit that connects a NetVanta remote site directly to the central site. Since this link is entirely
over a provider's Frame Relay network, no firewall or VPN is required to protect the customer's network.
The central site also has a protected Internet connection and an IPSec VPN gateway for Internet-based
access to the central site network. The remote site has a dial-up resource (analog modem or ISDN) and an
account at a local ISP. Should the remote's Frame Relay link fail, a dial-up connection is invoked to a local
ISP. An IPSec VPN connection is established across the Internet to the central site VPN gateway,
re-establishing connectivity between the two sites. The NetVanta uses its stateful inspection firewall to
protect the remote network while connected to the ISP. When the Frame Relay connection is
re-established, the dial backup connection is dropped and the IPSec connection ages out. The dial
connection to the Internet is used solely as a backup link, and general Internet access is not provided.
Figure 1. Primary WAN Connectivity via Frame Relay Service Provider, Backup Connectivity via
IPsec VPN over Dial-up Internet Connection
Remote NetVanta Router Configuration:
!
!
hostname "NV_Remote"
!
ip routing
!
ip firewall
!
ip crypto
!
crypto ike policy 100
initiate aggressive
no respond
10.254.255.25/28
10.254.255.85/28
10.254.255.26/28
10.1.1.240/24
172.31.4.0/24