Vpn Topology


#1


I was wondering if anyone could tell me if this is a viable topology using Peplink?
(Basically having two head-end balance devices at differant sites, which have a vpn connection between them, and each remote has a MAX vpn tunnel to both balances (for redundancy) ).

Thanks


#2

Your topology looks fine as long as each location has a unique subnet.


#3

When both tunnels come up , how do the peplink MAX decide which tunnel traffic goes out, and on the hub ends, how do you tell which tunnel (from Main site A or Main site B) is used for sending to the remotes?

Thx


#4

I guess it would just be a routing decision based on best route? (can these be ipsec / or pep vpn?) the remotes would only have 1 internet connection for now, so it wouldn’t need speedfusion.


#5

You would use PepVPN on the BR1’s and set up two profiles, one to each main site. Then you would set up a custom outbound policy rule in the BR1’s using the priority algorithm and decide which one is priority 1 and the other would be priority 2. Traffic will always flow over the priority 1 connection unless it fails, then it will seamlessly switch to the priority 2 tunnel.