Hi *.* (or, * for you unix folks), I have an opportunity to propose a 4-site wide area network connectivity solution where redundancy/up-time/availability is an important issue. This customer is currently running Win2k pptp VPN and is looking for a more secure and robust solution. All 4 sites have or will have full or frac T1. Backup is to be provided by either DSL or ISDN as follows: LA: VPN termination device, Cisco 2621, T1, DSL (or ISDN) NY: VPN termination device, Cisco 2621, T1, DSL (or ISDN) FL: VPN termination device, Cisco 2621, T1, DSL (or ISDN) UK: VPN termination device, Cisco 2621, T1, DSL (or ISDN) The 2621 will be providing "backup" switch-over between T1 and DSL (or ISDN) at each site. DSL (or ISDN) provider will be different from the T1 provider (in fact, depending on availability, all eight links may have different providers). In case of one of the T1's going down, I need to ensure fail-over backup occurring so that VPN tunnel is always up. So the question is, is it possible for a PIX or VPN Concentrator 3000 to be configured to allow either of the remote-end IP addresses to open the tunnel and to return the connection to whichever address it came from (since the 2621 will switch over to DSL (or ISDN) link when T1 goes down)? What have you folks seen as far as setting up redundant VPN tunnels? What do you guys recommend as best practice? Alternative to all this is to setup frame relay WAN with ISDN backup, which has worked well for me in the past. However, frame PVC going out to UK might be cost-prohibitive; plus, this customer is kinda in love with the concept of VPN. TIA, Randall Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=19049&t=19049 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
