ohadfaibish
New Member
January 27, 2021
Solved

VPN connection to DC and DR


Hello,

I'm looking for a solution: we have an S2S VPN connection between site A and our DC.

We want to add a DR on OCI (Oracle Cloud) and connect it by S2S VPN as well, using this connection as a backup.

If the connection/FW on the DC side goes down, the VPN will change to the DR, and if the connection comes up again in the DC, it will go back.

Adding a Visio.

What is the best way to make it happen?


    Furil
    Visitor III
    January 27, 2021

    Hello,

     

    I guess that the phase 2 security networks are exactly the same for both the primary and secondary sites?

    If yes, did you try to play with the routing table based on priority? (e.g. 192.168.10.0/24 priority 0 for the primary site and 192.168.10.0 priority 10 for the secondary side).

     

    Best regards,

    Furil

    ohadfaibish
    New Member
    January 28, 2021

    Hello and thank you for replying,

    We don't have this configuration yet; we are planning to work on it, but before that I want to make sure it's possible and will work.

     

    Maybe we can configure 2 S2S VPNs, one for each site (DC and DR), add them both to an SD-WAN interface, and control the traffic with the weight? Do you think it will work?

     

    sw2090
    SuperUser
    Answer
    January 28, 2021

    We have it here this way with 21 shop Sites.

    Each has two S2S IPsec to HQ, and redundancy is made by redundant routes with different prio/distance.

    Primarily traffic behaves like electric current - it always takes the way of the lowest cost by default.

    So it will take the S2S with the lowest routing prio/distance if available. If that is not available, it will take the S2S with the next highest routing prio/distance until the other is available again.

    Works fine here.
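
The failover and failback behaviour described in the answer above, as an added example that is not part of the original thread and is not any vendor's routing code: a simplified model that picks, among routes whose tunnel is up, the longest prefix, then the lowest distance, then the lowest priority. The tunnel names `vpn-dc` and `vpn-dr` and the distance values are assumptions; the prefix is the one quoted in the thread.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    dst: str           # destination prefix behind the tunnel
    tunnel: str        # hypothetical tunnel interface name
    distance: int      # lower value is preferred
    priority: int = 0  # tie-breaker between equal distances, lower is preferred


# Constructed sample: the same remote prefix is reachable over both tunnels,
# with the DC tunnel preferred and the DR tunnel as backup.
ROUTES = [
    Route("192.168.10.0/24", "vpn-dc", distance=10),
    Route("192.168.10.0/24", "vpn-dr", distance=20),
]


def select_route(routes, tunnel_up, dest_ip):
    """Return the route used for dest_ip, or None if no usable tunnel covers it."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [
        r for r in routes
        if tunnel_up.get(r.tunnel, False) and ip in ipaddress.ip_network(r.dst)
    ]
    if not candidates:
        return None
    # Longest prefix first, then lowest distance, then lowest priority.
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r.dst).prefixlen, r.distance, r.priority),
    )


def failover_trace(routes, events, dest_ip):
    """Apply (tunnel, is_up) events in order; return the tunnel chosen after each."""
    state = {r.tunnel: True for r in routes}
    trace = []
    for tunnel, is_up in events:
        state[tunnel] = is_up
        chosen = select_route(routes, state, dest_ip)
        trace.append(chosen.tunnel if chosen else None)
    return trace


if __name__ == "__main__":
    events = [("vpn-dc", False), ("vpn-dr", False), ("vpn-dr", True), ("vpn-dc", True)]
    print(failover_trace(ROUTES, events, "192.168.10.25"))
```

A `None` entry in the trace is the state where neither tunnel is up, so no route to the remote prefix exists in this model.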