Tuesday, July 10, 2018

VPN tunnel to provide failover between two different ISPs?

Equipment on my side:

2x SonicWall NAS 2600 in HA mode. 250/250 fiber connection from one ISP, 600/40 cable connection from a second ISP as the emergency backup (since there was only one fiber provider in my area when we set this up, in three years after the contract is up I'll look to replace the 2nd link with fiber but since 40 out is such extreme overkill for what we do I'm not worried about it).

Outside vendor requires VPN connection to their site. They gave us two tunnels for redundancy, both endpoints are on the fiber. They're used to setting things up for sites that only have one ISP so that's just the way they do it. If a tunnel goes down the other tunnel is there for backup. At most of their clients if the ISP goes down, I guess most people just sit offline until it comes back up.

For "reasons" they don't want to give me two more tunnels (primary and backup on my backup ISP) with failover between the two pairs. Not sure why, but it is easier to find alternatives rather than fighting with them.

I'm thinking I need a proxy somewhere that will serve as the VPN endpoint for their tunnel, then direct data to the fast connection if it is up, to the cable connection if the fiber is down. How do I configure such a proxy?


