cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
465
Views
4
Helpful
8
Replies

Failover Routing

Communications
Level 1
Level 1

We currently have a link to one site via a router which is behind a PIX firewall. We use static routes from our network, soon we will be having a 2nd link to a backup site (the two remote sites are connected) which we need to configure as a failover, again behind a different PIX. I tried configuring a floating static which works ok if the primary outbound interface fails but this is unlikely to be the case in practice. What is the best way to accomplish this switchover? We currently run RIP internally on Catalyst 4500's; I believe the External Company is using BGP.

Thanks Mike

8 Replies 8

guruprasadr
Level 7
Level 7

HI Mike, [Pls Rate if HELPS]

Refer link below for FAILOVER Configuration in end - to - end PIX Architecture:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/examples.htm#xtocid17

PLS RATE if HELPS

Best Regards,

Guru Prasad R

Hi Guru,

Thanks for the quick response, I did not make myself clear. What I am trying to acomplish is to get the routing working if/when the primary link fails. I have PIX failover working on the primary site but I am struggling to find what to use for the routing as the extenal links both come into different physical sites on different kit and currently we use static routes configured on our internal network for the primary site.

I looked @ HSRP but I am not sure it will work from different subnets on physically different sites?

Thanks Mike

Mike

I am not sure that I fully understand your requirements. But it sounds to me like a solution that might work for you is Reliable Static Routing Backup Using Object Tracking. A link that gives information about this is:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00801d862d.html#wp1057186

HTH

Rick

HTH

Rick

Hi Rick,

Thanks for responding I will have a look @ the link.

Currently we have a 3rd party company hosting some servers off site they provide us with 2 routers connected on a DMZ off our Firewall the Backup Site is accessible down the same link.

We are having a new link from their Backup Site into a different building on our campus connected to a an interface on a new Firewall then onto our internal network. The other capmus site is on a completely seperate subnet/VLAN from the exisiting link and is physically about 3 miles away.

What we would like to do is if/when the primary link fails be able to route the traffic up the new Link to the backup site (and on to the Primary Site).

I can change the static routes on the router(4500) but would rather have it switch automatically.

I cant make any changes to the external routers (not Ours) the current link is(10MB) with HSRP running.

Hope that is clear

Mike

I am not sure that it is entirely clear to me yet. But it seems to me that a solution that would work is to have a primary static route which handles traffic in normal situations and a floating static route to handle traffic if the primary static is not working, and object tracking to detect if the primary static route is not working should do what you need.

HTH

Rick

HTH

Rick

Hi,

The object tracking is working ok but where I normally have an iproute 172.33.10.0 255.255.252.0 172.33.9.13 track 1.

When the tracked router stops responding the route disappears from the routing table however I also have a floating static

172.33.10.0 255.255.252.0 172.33.9.14 110

both routes 172.33.10 are removed from the routing table where I would expect the non tracked entry to remain?

Thanks

Mike

At the point where the tracked router stops responding and the normal static route is withdrawn, is the next hop for the floating static route (172.33.9.14) reachable and in the routing table?

HTH

Rick

HTH

Rick

Hi Rick,

Thanks for responding it appears what is happening is that when the tracked ip address is lost the next hop is also lost. I also cant get the primary route back as the route to the tracked object is now pointing via a different route. Short of applying a route for the individual tracked host I can see how the primary route would be established.

Thanks Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco