A client for whom I have to configure only the switches wants the following:
There are two internet connections from two ISPs. The primary internet connection is the 'live' connection, the secondary is not used.
With the failure of a firewall or switch, the primary internet connection should still be used.
Only in an extreme case should the secondary internet connection be used.
The proposed config (not by me :)):
Internet connection 1 > WAN-switch1 > ASA1 > DMZ-switch1 > ISA-server
Internet connection 2 > WAN-switch2 > ASA2 > DMZ-switch2
WAN-switch 1 & 2 are interconnected
DMZ-switch 1 & 2 are interconnected
Only the DMZ-switch1 is connected to the ISA-server.
I'm not familiar with DMZs, but to me this is not a solid configuration.
The redundancy looked for is not achieved.
If WAN-switch1 fails, the secondary internet connection through WAN-switch2 has to be used.
If DMZ-switch1 fails, the connection to the entire outside world is gone.
Ditto if the single ISA-server dies.
Your ideas please,
PS. Do you know any good sites for recent topology examples?
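
The single-failure reasoning in the post above can be checked mechanically; the following is an added example, not part of the original post. It models only the links the post lists, treats a path as usable if the links exist, and assumes that ASA2 can forward primary traffic when ASA1 is down (the post does not say how the ASAs are paired); the node names `ISP1` and `ISP2` are labels introduced here.

```python
from collections import deque

# Links exactly as listed in the post; ISP1/ISP2 are labels added for this example.
LINKS = [
    ("ISP1", "WAN-switch1"), ("WAN-switch1", "ASA1"), ("ASA1", "DMZ-switch1"),
    ("ISP2", "WAN-switch2"), ("WAN-switch2", "ASA2"), ("ASA2", "DMZ-switch2"),
    ("WAN-switch1", "WAN-switch2"),   # WAN interconnect
    ("DMZ-switch1", "DMZ-switch2"),   # DMZ interconnect
    ("DMZ-switch1", "ISA-server"),    # the only uplink of the ISA server
]

def reachable(src, dst, failed):
    """Breadth-first search from src to dst with one device removed."""
    if failed in (src, dst):
        return False
    adj = {}
    for a, b in LINKS:
        if failed not in (a, b):          # drop every link of the failed device
            adj.setdefault(a, set()).add(b)
            adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def outcome(failed):
    """Which uplink still reaches the ISA server after this device fails."""
    if reachable("ISP1", "ISA-server", failed):
        return "primary"
    if reachable("ISP2", "ISA-server", failed):
        return "secondary"
    return "outage"

def single_failure_report():
    """Map every switch, firewall and server to the result of losing it."""
    devices = sorted({d for link in LINKS for d in link} - {"ISP1", "ISP2"})
    return {d: outcome(d) for d in devices}

if __name__ == "__main__":
    for device, result in single_failure_report().items():
        print(f"{device:12} fails -> {result}")
```

Adding a candidate link to `LINKS`, for example a second ISA uplink to DMZ-switch2, and rerunning the report shows which of the failure cases that change removes.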