Best Practice for Tunnel Over IPSec
amb1s1
Member Posts: 408
I have a question for the security guys. In our headquarter we are planning to have a point to point to our database and we are planning to have a Tunnel over IPsec for our backup. The question what is the best practice to do this. Here is
From data center to Headquarter:
[Data Center] [Headquarter]
Router
palo alto
Edge BGP Router
Internet
Firewall
Router----LAN
Now the design in the Data Center, I cant change, but on the headquarter I can move the Router in front of the Firewall or I can keep it the same I showed in here. I'm planning to have OSPF on our point to point and OSPF on the GRE Tunnel. Where the tunnel start and end? Thanks in advance
From data center to Headquarter:
[Data Center] [Headquarter]
Router
palo alto
Edge BGP Router
Internet
Firewall
Router----LAN
Now the design in the Data Center, I cant change, but on the headquarter I can move the Router in front of the Firewall or I can keep it the same I showed in here. I'm planning to have OSPF on our point to point and OSPF on the GRE Tunnel. Where the tunnel start and end? Thanks in advance
Comments
-
amb1s1
Member Posts: 408
I forgot to mention that Internet traffic will go from headquarter to Datacenter then Internet due that we are going to have Palo Alto to inspect the traffic for corporate traffic. When the Point to point goes down we want a gre Tunnel to data center then to Internet.