Setup backup connection for remote offices behind MPLS

I have the following situation. There is HQ and remote office A, B and C. HQ and office A both have a Pelink Balance 710 making the PepVPN with Speedfusion. Office B and C have a MPLS connection to Office A so all traffic from office B and C goes first to Office A from where the traffic goes either via PepVPN to HQ or directly out on the Internet.

|--------------MPLS--------Office B
|
Office A ---------(Internet/PepVPN)------------- HQ
|
|--------------MPLS--------Office C

This month the fiber cable to Office A which carries the MPLS and Internet connection was cut twice due to excavation works. Office A already has several ADSL connections connected to the Peplink Balance so that connection was never lost but now I also want to setup a backup connection for office B and C.

My thought is to place a Peplink balance in both Office B and Office C and connect one or several ADSL lines to it for backup. The question is though how to setup the PepVPN?

Can I setup a PepVPN from office B/C to HQ over the MPLS or do I have to setup first a PepVPN from Office B/C to A and then sent the traffic over the existing PepVPN between Office A and HQ?
Is there another way to do this? Is it possible that in normal operation, all traffic is routed via MPLS to Office A but in case the MPLS goes down the Peplink Balance in Office B/C fails over to a PepVPN that only uses the ADSL line(s)?

Any help is appriciated.

//Marco

Hi Marco,

Can you provide a proper diagram to show the type of connectivity between HQ, A, B and C in order for me to comment better? Look like the descriptions and diagram provided doesn’t match.

Is this better?


//Marco

Hi Marco,

This is the suggested design:-


Is it possible that in normal operation, all traffic is routed via MPLS to Office A but in case the MPLS goes down the Peplink Balance in Office B/C fails over to a PepVPN that only uses the ADSL line(s)?
Yes.

Hope this help.

Note that the “new internet links” are ADSL and much slower. These are only thought as backup links.
Could you explain me how to setup this senario to fail over to a PepVPN using the ADSL lines? Do I just make 2 Outbound policies with the same source and destination networks but with a different VPN and put the policy for normal operation higher?

//Marco

You could enable expert mode under outbound policies. Define the remote ends network under destination and use the Priority algorithm. Ensure that the MPLS link is the top connection priority and the VPN is second. This should keep all traffic on MPLS unless it goes down then it will go over the VPN connection (ADSL lines).