Network Failover Solution - Through IPsec VPN or P2P

17 hours ago - last edited 14 hours ago
Model: CPE510   ER605 (TL-R605)  

Hello,

 

I am looking to reconfigure the current network setup with the aim to provide a failover solution whilst keeping the two ISP networks separate but still talk to each other for things like accessing servers and other IoT devices across the two networks, so I am wondering whether this could be done using P2P or via Site-to-Site IPsec VPN?

 

As I describe below, Building A currently has its own ISP whereas Building B currently doesn't (but it is soon getting its own ISP connection & ER605 or ER7206 router installed this month), and the two buildings talk to each other through the use of existing P2P devices (Pharos CPE510). Building A is currently the main point of where the magic happens, so ISP WAN comes into the ER605 router and then it transmits from CPE510 of Building A and receives to another CPE510 on Building B and into the LAN port of the smart switch. This method has worked really well over the last couple of years, in all weathers without a single problem!

 

Now the plan is to change this so that Building B can also act in the same way as Building A and therefore communicate to one another using the existing P2P setup, providing a failover should Building A's ISP connection go down for any reason and instead receive internet through the new ISP from Building B, the same way should Building B's ISP go down and vice versa. I presume these two CPE510s will need to be connected straight into the WAN port for it to work? I'd be happy to look at getting EAP211s if this is the case for this scenario?

 

Could someone suggest the best router I should go for with this type of setup? I currently have ER605 installed in Building A and I am thinking of getting ER7206 for Building B. Speaking of routers, I would like to know if it is possible to set up Site-to-Site IPsec VPN through these two separate routers via Omada Cloud Controller? Doing this would eliminate the use of the P2P devices as I have explained above. So in the event of a failover, it should talk to each other via IPsec VPN but I presume this would require some configuration to make it work?

 

I'd be happy to provide a network diagram to explain all this and the scenarios covered as explained in this topic.

 

Any suggestions and recommendations would be greatly appreciated.

 

Many thanks,

Ben

Regards, Ben
1 Accepted Solution
Re:Network Failover Solution - Through IPsec VPN or P2P-Solution
14 hours ago - last edited 14 hours ago

Hi @HBEN1603 

Thanks for posting in our business forum.

You need at least 4 CPE.

A > B.

B > A.

Two CPEs are not enough to create the failover.

 

You can do an IPsec between A and B if they have a direct link (an Ethernet cable). Connect it to a free WAN and set both sides to the same subnet.

Load balance would conflict with the IPsec. If you want to avoid this, you need two WANs for a primary and peer site WAN source, as this is used to always stay on the Internet (load balance), and one WAN for a static link to form IPsec to ensure the site-to-site.

Best Regards!
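A pre-deployment check of the addressing layout described in the reply above, as an added example that is not part of the original thread or of TP-Link's documentation: it verifies that the direct-link WAN ports share one subnet, that the link port is not also one of the Internet (load balance) WANs, and that the two LANs do not overlap, which site-to-site IPsec generally requires. All addresses, port names and the `check_site_plan` helper are constructed for illustration.

```python
import ipaddress

def check_site_plan(plan):
    """Return a list of problem codes for a two-site plan; [] means consistent."""
    problems = []
    a, b = plan["A"], plan["B"]
    link_a = ipaddress.ip_interface(a["link_wan"])
    link_b = ipaddress.ip_interface(b["link_wan"])
    lan_a = ipaddress.ip_network(a["lan"])
    lan_b = ipaddress.ip_network(b["lan"])

    # Direct-link WAN ports: same subnet on both sides, different host addresses.
    if link_a.network != link_b.network:
        problems.append("link-subnet-mismatch")
    elif link_a.ip == link_b.ip:
        problems.append("link-address-duplicate")

    # Site-to-site IPsec needs distinct local and remote LAN subnets.
    if lan_a.overlaps(lan_b):
        problems.append("lan-overlap")

    for name, site, lan in (("A", a, lan_a), ("B", b, lan_b)):
        # The link subnet must not collide with either LAN.
        if lan.overlaps(link_a.network) or lan.overlaps(link_b.network):
            problems.append(f"{name}:lan-overlaps-link")
        # The link WAN is dedicated to IPsec, not part of the load-balance set.
        if site["link_port"] in site["internet_ports"]:
            problems.append(f"{name}:link-port-in-load-balance")
    return problems

# Constructed sample plans (addresses and port names are made up).
GOOD_PLAN = {
    "A": {"lan": "192.168.0.0/24", "link_wan": "10.255.0.1/30",
          "link_port": "WAN3", "internet_ports": ["WAN1", "WAN2"]},
    "B": {"lan": "192.168.10.0/24", "link_wan": "10.255.0.2/30",
          "link_port": "WAN3", "internet_ports": ["WAN1", "WAN2"]},
}
BAD_PLAN = {
    "A": {"lan": "192.168.0.0/24", "link_wan": "10.255.0.1/30",
          "link_port": "WAN3", "internet_ports": ["WAN1", "WAN2"]},
    "B": {"lan": "192.168.0.0/24", "link_wan": "10.255.1.2/30",
          "link_port": "WAN2", "internet_ports": ["WAN1", "WAN2"]},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_site_plan(plan) or "OK")
```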