
Site to Site VPN- Best Method

I just upgraded our 4 firewalls to XG (latest build). We use IPsec firewalls. When a firewall is rebooted or there is a power failure, the IPsec VPNs do not reconnect on their own. I have to mess around with both sides of the tunnel to get them to connect again. I created a new SSL VPN between two sites and it works fine after a reboot. What is the current preferred method for Site to Site VPNs, IPsec or SSL? If it is IPsec, why wouldn't my VPNs connect on their own after a restart? Thanks.


Jae



  • I use Site to Site SSL and it seems to work fine for me. I have tried to use RED to connect 2 XGs but I have never been able to get it to work; the RED tunnel is established and up but I can't get traffic to flow across it.

    I'd be curious to know which of the 3 methods, IPsec, RED, or S2S SSL, the folks here find to have the best performance?

  • For RED to work between XGs, you have to make an IPv4 unicast rule on each device with the other's network and the RED gateway, and make a LAN->LAN fw rule to allow the traffic. Not that hard, although it should be more straightforward for a RED. If you need help, I'm happy to assist.

  • I think my problem is that I've already got a Site to Site SSL VPN up between the two so the traffic is all traversing tun0.  Even if I shut off the SSL VPN I think the traffic is still wanting to traverse that way.  

     

    I have a RED15 device out in the field and it works flawlessly, set it and forget it.  

     

    If there was a decided performance advantage to RED over SSL VPN I'd probably dedicate more time to trying to figure it out.

  • It shouldn't. SSLVPN Site2Site is a VPN whereas RED is actually a LAN for the XG. Anyways it's actually kind of the same at the end of the day so if your network works properly, leave it as it is.

    As far as latency, I just tried and atm the Site2Site seems faster than the RED. I got 44-60ms ping on Site2Site and 80-90 on RED. There are a ton of differences of course which change the outcome on networks, such as device load, network load, network speeds, internet provider etc. The internet provider I mostly use has a ping of 1-4ms.