ADTRAN Internet-Based WAN Backup manual 61200890L1-29.4A Copyright 2005 ADTRAN, Inc

Solution 1 - Primary = Frame Relay Service Provider, Alternate = ISP via Dial-up

In this scenario (see Figure 1), a Frame Relay service provider supplies the Frame Relay access line and virtual circuit that connects a NetVanta remote site directly to the central site. Since this link is entirely over a provider's Frame Relay network, no firewall or VPN is required to protect the customer's network. The central site also has a protected Internet connection and an IPSec VPN gateway for Internet-based access to the central site network. The remote site has a dial-up resource (analog modem or ISDN) and an account at a local ISP. Should the remote's Frame Relay link fail, a dial-up connection is invoked to a local ISP. An IPSec VPN connection is established across the Internet to the central site VPN gateway, re-establishing connectivity between the two sites. The NetVanta uses its stateful inspection firewall to protect the remote network while connected to the ISP. When the Frame Relay connection is re-established, the dial backup connection is dropped and the IPSec connection ages out. The dial connection to the Internet is used solely as a backup link, and general Internet access is not provided.

Figure 1. Primary WAN Connectivity via Frame Relay Service Provider, Backup Connectivity via

IPsec VPN over Dial-up Internet Connection

Remote NetVanta Router Configuration:

!

!

hostname "NV_Remote"

!

ip routing

!

ip firewall

!

ip crypto

!

crypto ike policy 100 initiate aggressive no respond