ADTRAN Internet-Based WAN Backup manual 61200890L1-29.4A Copyright 2005 ADTRAN, Inc


Internet-based WAN Backup Solutions using NetVanta

The Internet as an Alternative

 

 

Solution 1 - Primary = Frame Relay Service Provider, Alternate = ISP via Dial-up

In this scenario (see Figure 1), a Frame Relay service provider supplies the Frame Relay access line and virtual circuit that connects a NetVanta remote site directly to the central site. Since this link is entirely over a provider's Frame Relay network, no firewall or VPN is required to protect the customer's network. The central site also has a protected Internet connection and an IPSec VPN gateway for Internet-based access to the central site network. The remote site has a dial-up resource (analog modem or ISDN) and an account at a local ISP. Should the remote's Frame Relay link fail, a dial-up connection is invoked to a local ISP. An IPSec VPN connection is established across the Internet to the central site VPN gateway, re-establishing connectivity between the two sites. The NetVanta uses its stateful inspection firewall to protect the remote network while connected to the ISP. When the Frame Relay connection is re-established, the dial backup connection is dropped and the IPSec connection ages out. The dial connection to the Internet is used solely as a backup link, and general Internet access is not provided.

 

[Figure 1: network diagram. Address labels shown in the figure: 10.254.255.26/28, 10.254.255.25/28, 10.1.1.240/24, 10.254.255.85/28, 172.31.4.0/24]

Figure 1. Primary WAN Connectivity via Frame Relay Service Provider, Backup Connectivity via IPsec VPN over Dial-up Internet Connection

Remote NetVanta Router Configuration:

!
!
hostname "NV_Remote"
!
ip routing
!
ip firewall
!
ip crypto
!
crypto ike policy 100
 initiate aggressive
 no respond
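
An added example (not from the ADTRAN guide): a short Python check that parses a configuration in the layout shown above and verifies the properties the Solution 1 description relies on, namely that the firewall and IPsec are enabled on a router that dials in to an ISP and that its IKE policy only initiates. The indentation of sub-commands, the treatment of a missing "no respond" as a failure, and the sample text are assumptions made for this illustration.

```python
# Constructed sample: the config lines visible on this page, with the IKE
# policy sub-commands indented under their parent (assumed layout).
SAMPLE_CONFIG = """\
!
hostname "NV_Remote"
!
ip routing
!
ip firewall
!
ip crypto
!
crypto ike policy 100
 initiate aggressive
 no respond
"""

def parse_config(text):
    """Return (global commands, {section header: [indented sub-commands]})."""
    commands, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None                      # "!" separates sections
        elif raw[0].isspace() and current is not None:
            sections[current].append(line)      # sub-command of the open section
        else:
            current = line
            commands.append(line)
            sections[line] = []
    return commands, sections

def audit_backup_router(text):
    """Return (severity, message) findings; FAIL breaks a property the scenario needs."""
    commands, sections = parse_config(text)
    findings = []
    if "ip firewall" not in commands:
        findings.append(("FAIL", "ip firewall missing: LAN exposed while dialed in to the ISP"))
    if "ip crypto" not in commands:
        findings.append(("FAIL", "ip crypto missing: no IPsec for the Internet backup path"))
    policies = {h: c for h, c in sections.items() if h.startswith("crypto ike policy ")}
    if not policies:
        findings.append(("FAIL", "no IKE policy: the backup tunnel cannot be initiated"))
    for header, cmds in policies.items():
        if "no respond" not in cmds:            # assumption: absence means it may respond
            findings.append(("FAIL", f"{header}: 'no respond' missing on an initiator-only remote"))
        if "initiate aggressive" in cmds:
            findings.append(("NOTE", f"{header}: aggressive mode; review authentication strength"))
    return findings
```

Calling audit_backup_router(SAMPLE_CONFIG) returns a single NOTE for the aggressive-mode policy; deleting the "ip firewall" line from the input adds a FAIL ahead of it.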
