We are trying to add a point-to-point connection into an existing network while implementing a high-availability/failover solution for internet and VPN.
Main site: 2 load-balanced WAN ISP connections (Presently using a Netgear SRX5308) (192.168.1.X)
Second site: 1 WAN ISP connection (using ZyWall 35 UTM) (192.168.3.X)
We currently have an IPsec VPN between them.
* We have a Point to Point (PTP) radio link that we want to connect in so the PTP is the primary connection between the sites (it is faster). If the PTP goes down, we want to have failover to the VPN via the ISP WAN links.
* If either site's WAN internet connectivity fails, we would like to route internet traffic through the other site via the PTP.
* (Additional step: We also have an Asterisk PBX that presently exists on a separate router. We have multiple IP addresses for each ISP at the main location, can dedicate a public IP from each ISP for the PBX if needed, and would like to move the PBX to be within this failover configuration.)
Our main need is to do something similar to "Highly Available Site to Site Connectivity using Dynamic Routing and VPN" on p. 2 of this document:
[url removed, login to view]
Our current routers are low-end (SOHO) and only support RIP. If OSPF is required or you convince us we otherwise need different hardware for this, we are willing to purchase two pfSense boxes, but would need you to configure them for us. If you feel you can meet our needs with our existing routers, that's fine too.
1) Initial plan for network architecture to achieve the VPN connection between sites and failover as described above, using either existing h/w or pfSense.
2) Implementation and support until this high availability solution is working and is stable.
3) Documentation sufficient to allow company staff to reproduce the procedure successfully in the future for future sites.
Please only bid if you are an expert with similar configurations.