It does make sense - I would like to see a Visio of this - with all the IPs and such removed...
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Seielstad Sent: Wednesday, March 12, 2003 8:32 AM To: NT 2000 Discussions Subject: RE: Snap Gear We have a global WAN infrastructure through AT&T - either frame relay or ATM circuits terminating into routers on our network, all running a link state routing protocol (currently we use BGP, but we used to use EIGRP, and OSPF would also work). Those routers obviously learn routes from the others within our system. The WAN routers all have default routes to either the site's core router (if the site has one) or to that location's PIX. Each PIX has a permanently established point to point VPN to each of the other PIXs within the company (its only 4 sites right now). On the PIX, you would use ACL's to force all traffic destined for specific subnets through the VPN tunnel. The PIX's default route is the Internet connection for that location. So, when all WAN links are up, the WAN routers pass traffic via their learned routes to other sites. When a WAN link goes down, the subnets at that site fall out of the routing tables for all other WAN links, and so that traffic is now directed to the PIX (because it's the default gateway of the WAN router). From there, the PIX's ACL identifies it as traffic for a VPN tunnel, which it passes throughthe tunnel to the remote site. Make sense? Roger -------------------------------------------------------------- Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: tuhlar [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 11, 2003 8:44 PM > To: NT 2000 Discussions > Subject: RE: Snap Gear > > > In what way do you use them for failover? > 2 Carriers into 2 interfaces on the PIX - such as DSL and T1? > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Roger Seielstad > Sent: Tuesday, March 11, 2003 8:12 AM > To: NT 2000 Discussions > Subject: RE: Snap Gear > > > I'd wonder what's wrong with the PIX? We use then for VPN > failover between all our locations, without any issues. > > I'd be wary of the cheap soho targeted stuff, like Linksys > and the like, for any sort of real protection. > > -------------------------------------------------------------- > Roger D. Seielstad - MCSE > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: Johnny Martinez [mailto:[EMAIL PROTECTED] > > Sent: Monday, March 10, 2003 7:03 PM > > To: NT 2000 Discussions > > Subject: Snap Gear > > > > > > Hi all, > > My VPN quest continues. I've come to the realization that the PIX > > isn't such a great solution for us. > > > > I'm looking at the Snap Gear SME530's. What do you all > think of these? > > They seem to do everything I need and more at a great > price! I've been > > told that they are easy to config. > > > > J > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to %%email.unsub%% > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
