Backup Gateways

No Overlapping Encryption Domains

The picture below shows two geographically separated internal networks that are connected to each other with a dedicated link. Each network is connected to the Internet through its own gateway. The encryption domains of Gateway A and Gateway B do not overlap, but Gateway B is defined as a backup for Gateway A.

Item    Description
1       Remote Access Client
2       Internet
3       Gateway A
3E      Encryption Domain for Gateway A
3N      Internal Network for Gateway A
4       Gateway B
4E      Encryption Domain for Gateway B
4N      Internal Network for Gateway B
5       Dedicated Link

When the client tries to establish a connection with one of the hosts in Gateway A's encryption domain, it first tries to connect to Gateway A. If Gateway A is not available, it tries to connect through Gateway B.

Fully Overlapping Encryption Domains

Like the previous picture, the picture below shows two geographically separated internal networks that are connected to each other with a dedicated link. But in the picture below, Gateways A and B have identical encryption domains. Gateway C is in a different geographic location and is defined as a backup gateway for Gateways A and B.

Item    Description
1       Remote Access Client
2       Internet
3       Gateway A
3E      Encryption Domain for Gateway A
4       Gateway B
4E      Encryption Domain for Gateway B
5       Gateway C
5E      Encryption Domain for Gateway C
6       Dedicated Link

When the client tries to establish a connection with one of the hosts in the encryption domain, it first tries to connect to the primary gateway based on the MEP settings configured (Gateways A and B in the example). It creates the encrypted connection with the first gateway that replies. If the primary gateways do not respond, the client tries to connect through Gateway C.
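The following is an added example, not vendor code: a small Python model of the client behavior described in both sections above, generalized into one function that handles non-overlapping and fully overlapping encryption domains. The addresses, the topology dictionaries, the function names and the use of reply time to decide "first gateway that replies" are assumptions made for illustration; other MEP settings are not modelled.

```python
import ipaddress

# Constructed topologies: all names and addresses are illustrative assumptions.
NON_OVERLAPPING = {
    "domains": {"A": ["10.1.0.0/16"], "B": ["10.2.0.0/16"]},
    "backups": {"A": ["B"]},  # Gateway B backs up Gateway A
}
FULLY_OVERLAPPING = {
    "domains": {"A": ["10.0.0.0/8"], "B": ["10.0.0.0/8"], "C": ["172.16.0.0/16"]},
    "backups": {"A": ["C"], "B": ["C"]},  # Gateway C backs up A and B
}


def primaries_for(dest, domains):
    """Gateways whose encryption domain contains the destination host."""
    ip = ipaddress.ip_address(dest)
    return [gw for gw, nets in domains.items()
            if any(ip in ipaddress.ip_network(n) for n in nets)]


def first_to_reply(candidates, reply_ms):
    """Fastest replying candidate; a missing or None reply time means no reply."""
    alive = [(reply_ms[gw], gw) for gw in candidates if reply_ms.get(gw) is not None]
    return min(alive)[1] if alive else None


def select_gateway(dest, topology, reply_ms):
    """Return the gateway the modelled client tunnels through, or None."""
    primaries = primaries_for(dest, topology["domains"])
    chosen = first_to_reply(primaries, reply_ms)
    if chosen is not None:
        return chosen
    # No primary replied: try the backups defined for those primaries.
    fallback = []
    for gw in primaries:
        for backup in topology["backups"].get(gw, []):
            if backup not in primaries and backup not in fallback:
                fallback.append(backup)
    return first_to_reply(fallback, reply_ms)


if __name__ == "__main__":
    print(select_gateway("10.1.5.5", NON_OVERLAPPING, {"A": None, "B": 30}))  # B
    print(select_gateway("10.3.3.3", FULLY_OVERLAPPING, {"A": 40, "B": 15}))  # B
    print(select_gateway("10.3.3.3", FULLY_OVERLAPPING, {"C": 80}))  # C
```

In the model, a destination in Gateway B's domain gets no fallback in the non-overlapping topology, because only Gateway B is defined as a backup (for Gateway A), not the reverse.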