Hi there,
Right now I have a remote office that has a single 3.5 mbps PPPoE DSL connection. The provider has been having some serious service issues, causing the connection to drop several times per day, and sometimes dropping for 8-12 hours at a time until the modem is reset. Therefore, I've been investigating a secondary Internet connection for this office.
What is available is expensive T1/E1-type connections complete with Cisco routers, but unfortunately they are out of my budget (US$750-US$1000 per month). However, I have found another DSL provider, which maintains a totally independent network, including a "cable facility" right in the office building. However, they are also PPPoE based, and are more expensive, so I could probably only get a 1.5 or 2 mbps max DSL. The CIR, which is the guaranteed bandwidth, is actually about the same though, which is why they justify charging more.
There are no major servers at this office, but some clients will connect via SSL-VPN to access a NAS device, and soon there will be an IPSec link to the main office also. There is a total of about 15 users in the office daily. If I go with a second DSL connection, my initial plan is:
- allow both WAN1 and WAN2 for all regular outbound Internet services - browsing, email, Skype
- use gateway load balancing on each link to redirect all outbound traffic to one connection when the other is down
- make the primary IPSec link WAN2 (new) and a failover tunnel on WAN1 (existing)
- for inbound SSL-VPN, use quasi-load balancing using a CNAME record pointing to both WAN host names, so that inbound connections are randomly assigned
My questions are:
- Any issue doing the dead gateway detection with PPPoE connections? Or is it not even necessary since the FGT knows immediately when the connection drops?
- Any concerns with CPU or memory usage running two PPPoE links? I believe PPPoE is a bunch more work for the FGT since it has to run an extra service for this versus straight Ethernet.
- Could I make the IPSec links both active load balancing too instead of failover?
- Any other suggestions or comments on my plan? I've never done a dual WAN installation before.
Thanks!