ADTRAN Internet-Based WAN Backup manual Copyright 2005 ADTRAN, Inc

Solution 2 - Primary = Frame Relay Service Provider, Alternate = ISP via PPPoE/DSL-Cable

In this scenario (see Figure 2), a Frame Relay service provider supplies the Frame Relay access line and virtual circuit that connects a NetVanta remote site directly to the central site. Since this link is entirely over a provider's Frame Relay network, no firewall or VPN is required to protect the customer's network. The central site has a protected Internet connection and an IPSec VPN gateway for Internet-based access to the central site network. The remote site also has a PPPoE over DSL or cable modem to a local ISP. This connection is always on and is used for local Internet access (if the corporate security policy allows such connectivity) while providing an alternate path to the central site. This link is protected by the NetVanta firewall. Should the NetVanta's Frame Relay link fail, an IPSec VPN connection is established over the PPPoE connection across the Internet to the central site's VPN gateway, re-establishing connectivity between the two sites. The NetVanta uses its stateful inspection firewall to protect the PPPoE connection to the Internet.

Figure 2. Primary WAN Connectivity via Frame Relay Service Provider, Backup Connectivity via

IPsec VPN over PPPoE/DSL-Cable ISP Connection

Remote NetVanta Router Configuration:

!

hostname "NV_Remote"

!

ip routing

!

ip firewall

!

ip crypto

!

crypto ike policy 100 initiate aggressive no respond