ADTRAN Internet-Based WAN Backup manual Copyright 2005 ADTRAN, Inc


The Internet as an Alternative

Internet-based WAN Backup Solutions using NetVanta

 

 

Solution 2 - Primary = Frame Relay Service Provider, Alternate = ISP via PPPoE/DSL-Cable

In this scenario (see Figure 2), a Frame Relay service provider supplies the Frame Relay access line and virtual circuit that connect a NetVanta remote site directly to the central site. Since this link is entirely over a provider's Frame Relay network, no firewall or VPN is required to protect the customer's network. The central site has a protected Internet connection and an IPSec VPN gateway for Internet-based access to the central site network. The remote site also has a PPPoE connection over a DSL or cable modem to a local ISP. This connection is always on and is used for local Internet access (if the corporate security policy allows such connectivity) while providing an alternate path to the central site. The NetVanta protects this PPPoE connection to the Internet with its stateful inspection firewall. Should the NetVanta's Frame Relay link fail, an IPSec VPN connection is established over the PPPoE connection across the Internet to the central site's VPN gateway, re-establishing connectivity between the two sites.

[Figure 2 diagram. Address labels shown: 10.254.255.26/28, 10.254.255.25/28, 10.1.1.240/24, 10.254.255.85/28, 172.31.4.0/24]

Figure 2. Primary WAN Connectivity via Frame Relay Service Provider, Backup Connectivity via IPsec VPN over PPPoE/DSL-Cable ISP Connection

Remote NetVanta Router Configuration:

!
hostname "NV_Remote"
!
ip routing
!
ip firewall
!
ip crypto
!
crypto ike policy 100
 initiate aggressive
 no respond
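
A small audit of the remote-router settings that the Solution 2 description relies on (firewall on the PPPoE link, IPSec enabled, IKE initiator-only), added here as an example and not taken from the ADTRAN manual. The parse and audit helpers are hypothetical names, and the sample is the fragment printed on this page, with the IKE sub-commands assumed to be indented under their policy.

```python
# Added example, not ADTRAN code. SAMPLE is the config fragment printed on this
# page; indenting the IKE sub-commands under their policy is an assumption.
SAMPLE = """\
!
hostname "NV_Remote"
!
ip routing
!
ip firewall
!
ip crypto
!
crypto ike policy 100
 initiate aggressive
 no respond
"""

def parse(text):
    """Map each top-level command to the list of its indented sub-commands."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("!"):            # separator line closes the open section
            current = None
        elif line and raw[0].isspace() and current:
            sections[current].append(line)
        elif line:
            current = line
            sections[line] = []
    return sections

def audit(text):
    """Return findings for the protections the Solution 2 text depends on."""
    sections = parse(text)
    findings = []
    if "ip firewall" not in sections:
        findings.append("FAIL: 'ip firewall' absent, PPPoE/Internet link is not firewalled")
    if "ip crypto" not in sections:
        findings.append("FAIL: 'ip crypto' absent, no IPSec backup path")
    ike = {h: s for h, s in sections.items() if h.startswith("crypto ike policy ")}
    if not ike:
        findings.append("FAIL: no IKE policy defined")
    for header, subs in ike.items():
        if "initiate aggressive" in subs:
            findings.append(f"REVIEW: {header} initiates IKE in aggressive mode")
        if "no respond" not in subs:
            findings.append(f"REVIEW: {header} lacks 'no respond' (initiator-only on this page)")
    return findings
```

Running audit(SAMPLE) on the fragment above yields only the aggressive-mode review item; removing the ip firewall line turns that into a FAIL finding as well.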


61200890L1-29.4A
