61200890L1-29.4A
May 2005

Configuration Guide
Internet-based WAN Backup Solutions using NetVanta

Overview

This configuration guide delineates the advantages of using the NetVanta product line and the Internet for wide area network (WAN) connectivity. It includes example scenarios using Internet-based backup solutions.

Introduction

WAN communication links are traditionally the weakest component in computer networking. Unlike LAN components, which are typically in the owner's direct physical and administrative control, the facilities that make up the WAN link belong to and are controlled by a third party. These facilities also cover wide geographic areas, making them more susceptible to physical harm.

The Internet as an Alternative

Solution 1 - Primary = Frame Relay Service Provider, Alternate = ISP via Dial-up

In this scenario (see Figure 1), a Frame Relay service provider supplies the Frame Relay access line and virtual circuit that connects a NetVanta remote site directly to the central site. Since this link is entirely over a provider's Frame Relay network, no firewall or VPN is required to protect the customer's network.

 local-id fqdn REMOTE
 peer 10.254.255.85
 attribute 10
  authentication pre-share
  group 2
  lifetime 300
!
crypto ike remote-id fqdn CENTRAL. preshared-key 1234567890
!
crypto ipsec transform-set dessha esp-des esp-sha-hmac
 mode tunnel
!
crypto map HOSTviaDIAL 100 ipsec-ike
 match address REMOTE_to_CENTRAL
 set peer 10.254.255.

 ip address 10.254.255.26 255.255.255.

Solution 2 - Primary = Frame Relay Service Provider, Alternate = ISP via PPPoE/DSL-Cable

In this scenario (see Figure 2), a Frame Relay service provider supplies the Frame Relay access line and virtual circuit that connects a NetVanta remote site directly to the central site. Since this link is entirely over a provider's Frame Relay network, no firewall or VPN is required to protect the customer's network.

 local-id fqdn REMOTE
 peer 10.254.255.85
 attribute 10
  authentication pre-share
  group 2
  lifetime 300
!
crypto ike remote-id fqdn CENTRAL. preshared-key 1234567890
!
crypto ipsec transform-set dessha esp-des esp-sha-hmac
 mode tunnel
!
crypto map HOSTviaPoE 100 ipsec-ike
 match address REMOTE_to_CENTRAL
 set peer 10.254.255.
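
The crypto fragments in Solutions 1 and 2 use single DES (esp-des), Diffie-Hellman group 2 and a ten-digit sample pre-shared key, and the PPP fragment uses a one-character CHAP password. As an added example (not part of the ADTRAN guide), this Python script audits AOS-style configuration text for those settings before a configuration is deployed; the function name audit, the rule names and the thresholds are assumptions of this example.

```python
import re

# Constructed sample: crypto and PPP lines taken from the Solution 2 fragments
# on this page, one command per line (lines truncated on the page are left out).
SAMPLE = """\
attribute 10
 authentication pre-share
 group 2
 lifetime 300
crypto ike remote-id fqdn CENTRAL. preshared-key 1234567890
crypto ipsec transform-set dessha esp-des esp-sha-hmac
 mode tunnel
interface ppp 1
 ppp chap password a
"""

# Thresholds are assumptions of this example, not vendor guidance.
WEAK_TRANSFORMS = {"esp-des": "single DES (56-bit key)"}
WEAK_DH_GROUPS = {"1": "768-bit MODP", "2": "1024-bit MODP"}
MIN_SECRET_LEN = 20

def audit(config):
    """Return (line_number, rule, detail) findings; secrets are never echoed."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or AOS comment/separator
        words = line.split()
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            for t in words[4:]:  # words[3] is the transform-set name
                if t in WEAK_TRANSFORMS:
                    detail = f"{words[3]}: {t} is {WEAK_TRANSFORMS[t]}"
                    findings.append((n, "weak-transform", detail))
        m = re.fullmatch(r"group (\d+)", line)
        if m and m.group(1) in WEAK_DH_GROUPS:
            detail = f"group {m.group(1)} is {WEAK_DH_GROUPS[m.group(1)]}"
            findings.append((n, "weak-dh-group", detail))
        m = re.search(r"\b(preshared-key|password)\s+(\S+)", line)
        if m and (len(m.group(2)) < MIN_SECRET_LEN or m.group(2).isdigit()):
            detail = f"{m.group(1)} of {len(m.group(2))} chars"
            findings.append((n, "weak-secret", detail))
    return findings

if __name__ == "__main__":
    for n, rule, detail in audit(SAMPLE):
        print(f"line {n}: {rule}: {detail}")
```

The secret check works on the literal value in the text, so a configuration that stores secrets in an encoded form would need that rule adjusted.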

 access-policy FR
!
interface ppp 1
 description PPPoE Interface to ISP with Firewall, VPN to CENTRAL Gateway
 ip address negotiated
 access-policy PoE
 crypto map HOSTviaPoE
 ppp authentication chap
 username ISP_PPPoE_Srv password a
 ppp chap hostname ISP_Customer_PPPoE
 ppp chap password a
 mtu 1492
 no shutdown
 cross-connect 2 eth 0/2 ppp 1
!
!
ip access-list extended Internet
 permit ip 10.1.1.240 0.0.0.

Solution 3 - Primary = ISP via PPPoE/DSL-Cable, Alternate = ISP via Dial-up

In this scenario (see Figure 3), the remote site has two ISP accounts, one via PPPoE using a DSL or cable modem and another via dial-up. Both are protected by the NetVanta firewall.

ip firewall fast-nat-failover
!
! If using the PPPoE and Dial-up ISP connections for local Internet access
! and using 'NAT source' with the address of the currently active interface, the
! previous command is necessary to allow sessions started on one interface to be
! terminated when the route to the destination switches to the other interface.

 no shutdown
!
interface eth 0/2
 description Ethernet to DSL/Cable Modem
 no ip address
 no shutdown
!
interface bri 1/3
 description ISDN link to local PSTN
 isdn spid1 11111
 isdn spid2 11112
 no shutdown
!
interface ppp 1
 description PPPoE Interface to ISP with Firewall, VPN to CENTRAL Gateway - PRIMARY
 ip address negotiated no-default
 access-policy PoE
 crypto map HOSTviaPoE
 ppp authentication chap
 username ISP_PPPoE_Srv passwor

!
ip policy-class DIAL
 allow reverse list REMOTE_to_CENTRAL
!
ip policy-class LOCALLAN
 allow list REMOTE_to_CENTRAL
!
 nat source list Internet interface ppp 1 overload policy PoE
 nat source list Internet interface ppp 2 overload policy DIAL
!
! Since the Internet traffic is using 'nat source' to the active interface IP address,
! a destination policy class is included in the previous NAT policies to control which
! NAT is us