I need a router/firewall for WAN/VPN Failover, Load Balancing, VPN, QOS etc.

Hi everybody, I'm writing here because I need help from an expert on this topic. I've got two offices, one with about 10 computers and the other one with 6 computers. The 10-computer one has a Domain Controller (Win 2003), while the 6-computer one has only a Workgroup. Both offices have 2 xDSL lines each (one ADSL and one SHDSL). My objective is to find hardware to do:

- WAN and VPN Failover;
- Load balancing (but this point isn't so important);
- Creation of a VPN tunnel between the 2 routers, so I could have only one internal network for all my computers in the two offices;
- Merging all the computers into the Domain (the small group will be added to the domain only for authentication);
- Using QOS or another way to route all traffic generated by VoIP on only one of the two xDSL lines;
- I'm looking for UTM solutions and not;

I've just found some "candidates":

- Juniper Network Netscreen 5GT / 5GT Plus
- Watchguard Firebox edge X 5 (but I don't know how much the upgrade for WAN failover costs...)
- Watchguard Firebox edge X 10e
- Secure computing SnapGear SG 580 (or 560)

If you know something about these models, let me know if they could be a good solution for me, or if you have any other suggestions, write them here! Thanks! FABIO

Answer Wiki


Hey Fabio.

I’m not a super-networking expert yet, but I know a few things. I work at an integrator that uses only Cisco equipment and we would set up either a pair of PIX 501s or an ASA5510 at the larger office and a PIX 501 or 506 at the smaller office perhaps.

While you can set QOS on the network devices you control, you can’t on the backbone carrier and you may find the voice quality still has occasional issues. Hopefully not, but perhaps.

You wouldn’t be able to put all of the computers on the same subnet of course, but they could join your Windows domain and share resources. Just make sure that you assign proper DHCP on the 6-computer site so that they ONLY have DNS of the ONE server you have. Otherwise you’ll have issues.

You could set up the VPN tunnel between the two Cisco devices and tunnel only LAN traffic and let other traffic go out each respective router directly to the internet.

For a true failover scenario it could be complicated and expensive because of the required hardware.

I would set it up this way:

1) Get a PIX 501/506 for the smaller office.
2) Get a PIX 501/506 or an ASA5510 for the larger office.
3) Create a VPN tunnel using these firewall/VPN endpoints.
4) Assign DHCP for the smaller satellite office from the local firewall (PIX/ASA).
5) Install a Windows terminal server, or install Terminal Services on the main office server.

I would avoid worrying about failover for cost/complexity reasons as it should happen very infrequently if at all. The terminal server would be the primary or backup for the office in case the DSL/VPN tunnel goes down. If the office still had internet access on the other internet connection, you could just log into the firewall, change the DHCP options to give an internet DNS server and then have the clients reboot, which should give them the new settings, allow them internet access and then just log into the MS Terminal Server and run their apps (and map drives) from there until the VPN tunnel can be brought back up.

Best Regards
