Backup plan when VPN is down?

[SArmyTech]

We have several remote sites in Florida that have unreliable ISP's, therefore the VPN connections via Watchguard firewalls are not always up. Does anyone have a backup solution they are using for this type of scenario? I could have one user RAS in to the main LAN, but what do I do with multiple users at these sites? Can a RAS connection be shared? Our main app is telnet, so a RAS dialup would work ok, but needs to be shared.

Just looking for some guidance here. Excuse my ignorance when it comes to VPN's and remote dialup access. Our VPN support is handled by other IT staff.

 

[bytehd]

dial backup?

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[SArmyTech]

Dial backup is the plan, but how to implement? Want this solution to be inexpensive, and access to app during normal working hours is critical. If VPN is down and support staff is unavailable (it happens!) we'll need some way to get multiple users access to the app remotely. But how? Our client software uses the VPN to find the app server in our main location, which is great as long as the VPN is up and stays up. There have been stability issues here using Watchguard firewalls, VPN's and certain ISP's.

 

[bytehd]

Watchguard boxes have serial ports?


George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[lgarner]

Do Watchguards have some type of dynamic routing? How about the Internet routers?

I've done it with Cisco easily enough, but fast, automatic failover depends on immediately detecting when traffic needs to be re-routed. You'd have to check the Watchguard docs to see what features they have like this. Firewalls often don't have the robust routing protocols that "real" routers have.

Be prepared for long-distance phone charges, also. Plus, there will be downtime while the call is made. If your app depends on near-100% connectivity you might want to look at a secondary internet connection.

 

[netmanrick]

It sounds like it's time to re-think your infrastructure.
If you are down,what's it worth to you to have a reliable,secure connection ?
Instead of ISP's what about a data circuit(T-1,ISDN,Frame Relay,etc with dial back-up or a secondary data circuit ?

Rick Harris
SC Dept of Motor Vehicles
Network Operations

 

[dearingkr]

I've had this problem before with critical links.
My solution was to bring in a cheap broadband (cable or DSL) and use it as a backup system.
Believe it or not, the broadband seems to be more reliable, less downtime.
The cost is minor, about $30-100 per month depending on what's available in your area.

MCSE CCNA CCDA

 

[bytehd]

If a leased line is less reliable than DSL,
time to switch carriers....

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[dearingkr]

I've already done that twice.
My problem is mostly the local lines from the street.
The local LEC won't replace them, just keeps 'fixing' them.

MCSE CCNA CCDA

 

[bytehd]

Use another CLEC

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[dearingkr]

Your local wires to the street are owned by the local LEC, no matter who you use.

MCSE CCNA CCDA

 

[bytehd]

well at least give dslreports.com a try.
punch in your zip code.

You may have to give them some TLC.

there's always a spare pair hanging around....

George Walkey
Senior Geek in charge

http://www.insyncva.com

 

[SArmyTech]

Thanks for all the postings and Happy 2K5! I will check on the Watchguard info out there for any kind of routing options. The problem is cost and the main connection (not the backup) is the DSL or cable connection. I know T1 or fractional T1 might be too costly for us, either as a main or backup connection. Long distance charges for dialups won't always be a problem as some of our remote sites are in the same county as the main site. Others are not, so long distance costs will add up. It's all about the money!