06-02-2008 06:50 PM - edited 03-05-2019 11:22 PM
Hi experts !
Good day to you all! I would like to have your advice regarding our plan to
migrate our customer network as I'm need to know whether our migration plan
is feasible to work on. I would like also to know what other good
alternatives that we could refer to beside our own migration plan. Our
migration plan is concentrated on the top level of both network which is the
most critical part. During the implementation of new network, we want to
retain the existing network set up (internet gateway and firewall) and at
the same time, set up both C7204VXR (we called it 'border-router') and two
new firewall accordingly. Based on the diagram, both firewall (which are
configured as a cluster) are using the existing firewall (Firewall-A) as
their temporary 'default gateway' since both 'border-router' on the new set
up has not yet connected to new leased-line services.
'Border-router', firewall cluster and existing firewall (Firewall-A) are
connected to a plain (unmanaged) switch in 111.168.100.0/27 network. The
existing firewall (Firewall-A) is in routed/NAT mode. One interface is
connected to their internal network and another connected to the new
network. Routing is shall be done on the existing firewall itself. Both
'border-router' would use GLBP for redundancy and similar to firewall
cluster which has its own virtual-IP. Once both 'border-router' are
connected to new leased-line services, the firewall cluster will pointing to
GLBP of 'border-router' as its 'default-gateway'. In terms of routing, I
going to use static routing configured in firewalls and 'border-router' as
initial start and might change to a dynamic routing (if possible) once the
migration is fully complete.
So, my questions are;
i. Based on your understanding, is this plan workable?
ii. Alternative ways to plan for better migration?
iii. In term of IP addressing, is this okay? (Note: IP address are not real
but the address arrangement is same)
I'm new to this migration and I seek for advice on this.
Thanks very much and regards,
Daniel Alex
p/s: If you need more explanation, I'm feel really glad to give.
06-02-2008 07:20 PM
06-04-2008 11:15 PM
Hi Alex,
In terms of GLBP I would make sure that I'ld use the "host dependent" load-balancing algorithm, so your hosts accessing the internet use always the same source IP when communicating with a server.
Your plan looks fine do far. You could have planned the new inside network as a temporary DMZ on the old firewall, so the transition runs smoothly ..
Robert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide