This is a discussion on Redundant VPN tunnels. Architecture ideas? within the Linux Networking forums, part of the Linux Forums category.
We have a central site hosting an ERP application and several remote sites connecting over IPSEC tunnels. Each site uses a unique private class C subnet and a router providing NAT and IPSEC.

By using multiple ISPs at each site, we would like to build an architecture that:

1. Keeps telnet traffic to/from the ERP host running at low latency, even under heavy network/VPN load
2. Provides redundancy for the VPN connections, so that we can lose an ISP connection at any site and still provide access to the ERP through an IPSEC tunnel

Point 1 sounds like a solution using traffic shaping, but can I effectively shape traffic within the IPSEC tunnel (so that, say, SMB over IPSEC won't kill telnet over the same tunnel)?

Point 2 sounds quite tricky, and I'd love any suggestions people have about doing highly available VPN tunnels.

Currently, our network looks like this (only one remote site shown):

                 Main Site                    Remote Site
192.168.0.2  +---------------+             +---------------+  192.168.30.2
192.168.0.3--|NAT/VPN router +--INTERNET--+|NAT/VPN router |--192.168.30.3
192.168.0.4  +------+--------+             +-------+-------+  192.168.30.4
                    |                              |
                    +-----------IPSEC--------------+

Many thanks,
Toby.