
Internet-based WAN Backup Solutions using NetVanta 

 The Internet as an Alternative

61200890L1-29.4A

Copyright © 2005 ADTRAN, Inc. 


Solution 3 - Primary = ISP via PPPoE/DSL-Cable, Alternate = ISP via Dial-up 

In this scenario (see Figure 3), the remote site has two ISP accounts: one via PPPoE using a DSL or cable 
modem and another via dial-up. Both are protected by the NetVanta firewall. The PPPoE connection is 
always on and serves both local Internet access (if the corporate security policy allows such connectivity) 
and the primary path to the central site. The central site has a protected Internet 
connection and an IPSec VPN gateway for Internet-based access to the central site network. The remote 
site uses an IPSec VPN over its PPPoE interface as the primary connection to the central VPN gateway. Should 
the PPPoE link fail, a dial-up connection is invoked to a local ISP, and another IPSec VPN connection is 
negotiated across the Internet to the central site VPN gateway, re-establishing connectivity between the 
two sites.

If the remote router accesses the central VPN gateway on the same IP address no matter which remote 
router interface is active, it is important that both devices support IKE dead peer detection. Otherwise, 
when the remote site switches to the other interface, the existing IPSec and/or IKE SAs (depending on the exact 
configuration) must age out naturally before a new VPN connection can be established. Dead peer detection 
expedites this process, allowing the alternate VPN connection to be established more quickly.
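
The effect of dead peer detection on failover time can be modeled from the central gateway's side. This is an added example, not ADTRAN code or AOS configuration: the probe exchange follows the R-U-THERE / R-U-THERE-ACK pattern of RFC 3706, the 600-second lifetime is the IPsec SA lifetime used in this guide's configurations, and the DPD timer values and all function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Dpd:
    idle: int = 10     # assumed: seconds of silence before the first R-U-THERE
    retry: int = 5     # assumed: seconds to wait for each R-U-THERE-ACK
    max_fail: int = 3  # assumed: unanswered probes before the peer is dead


def sa_cleared_at(fail_at: int, sa_expiry: int, dpd: Optional[Dpd] = None) -> int:
    """Second at which the gateway drops the SA of a peer silent since fail_at.

    Model assumptions: the SA was negotiated at t=0, the peer sends traffic
    every second until fail_at, and no rekey happens after the failure.
    """
    last_heard, unanswered, next_probe = 0, 0, None
    for t in range(sa_expiry + 1):
        if t < fail_at:
            last_heard = t        # live peer: traffic keeps proving liveliness
            continue
        if dpd is None:
            continue              # no DPD: only the lifetime can end the SA
        if next_probe is None and t - last_heard >= dpd.idle:
            next_probe = t        # silent long enough, start probing
        if next_probe is not None and t == next_probe:
            if unanswered == dpd.max_fail:
                return t          # peer declared dead, IKE and IPsec SAs deleted
            unanswered += 1       # R-U-THERE sent, no R-U-THERE-ACK comes back
            next_probe = t + dpd.retry
    return sa_expiry              # SA aged out naturally


def outage(fail_at: int, sa_expiry: int, dpd: Optional[Dpd] = None) -> int:
    """Seconds the stale SA survives after the primary link fails."""
    return sa_cleared_at(fail_at, sa_expiry, dpd) - fail_at


if __name__ == "__main__":
    # Constructed scenario: PPPoE link fails 120 s into a 600 s IPsec SA.
    print("stale SA without DPD:", outage(120, 600), "s")
    print("stale SA with DPD:   ", outage(120, 600, Dpd()), "s")
```

The last test case in the model covers a failure so close to the lifetime boundary that the SA expires before the probes finish, in which case DPD gives no advantage.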

Note that this configuration is shown using the NetVanta DIM Carrier Module (1200877L1), which allows 
the dial backup interface module (DIM) to be used without a network interface module (NIM) installed.

Figure 3.  Primary WAN Connectivity via IPsec VPN over PPPoE/DSL-Cable ISP Connection, Backup Connectivity via IPsec VPN Dialup ISP Connection

Remote NetVanta Router Configuration:

!
hostname "NV_Remote"
!
ip routing
!
ip firewall
!
!

[Figure 3 address labels: 10.254.255.85/28, 10.254.255.26/28, 10.1.1.240/24, 172.31.4.0/24]
