09-13-2008 07:52 AM - edited 03-06-2019 01:21 AM
Hi,
Recently our current gateway solution went down due to a hardware failure, resulting in production loss etc.
We now want to secure our gateway (Lan->Wan) the best we can to prevent this from happening again.
We only have one WAN line (10/10 Mbps) and the provider cannot guarantee a redundant connection (meaning if one goes down, most likely a second also will) - so we are stuck with only one line.
The hardware however should be possible to secure!
What kind of router will make it possible to configure a failover solution on only one line?
09-13-2008 07:58 AM
What about implementing an HSRP solution with a master/slave or pri/backup configuration? To do so, simply add both eth interfaces outbound from the LAN to a virtual IP that acts as a gateway for both LAN segments, so that if the primary goes down then, based on the multicast heartbeat algorithm, the secondary will act as primary to route traffic. HTH
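A sketch of the HSRP pair suggested in the reply above, as an added example that is not part of the original thread. The interface names, addresses, group number and key are constructed placeholders, and MD5 authentication and interface tracking are additions that the reply does not mention.

```cisco
! Constructed example: addresses, interface names, group number and key are placeholders.
! LAN 192.168.1.0/24, virtual gateway 192.168.1.1 (hosts use this as their default gateway).

! --- Router A (primary) ---
interface GigabitEthernet0/0
 description LAN side
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 110
 standby 1 preempt
 ! Authenticate hellos so an unexpected device on the LAN cannot join the group
 standby 1 authentication md5 key-string REPLACE_WITH_SHARED_KEY
 ! Drop priority by 20 (to 90) if the uplink interface goes down, so Router B takes over
 standby 1 track GigabitEthernet0/1 20

! --- Router B (backup) ---
interface GigabitEthernet0/0
 description LAN side
 ip address 192.168.1.3 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 authentication md5 key-string REPLACE_WITH_SHARED_KEY
```

Running `show standby brief` on each router shows which one currently holds the active role for the group.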
09-13-2008 08:01 AM
Check out the following doc for more help; it is somewhat lengthy.
http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_hsrp.html
09-13-2008 09:03 AM
Thanks, seems like the way to go.
This however requires two separate lines from our ISP (which really has no point) - or with one line a WAN subnet with 2 or more addresses, and a switch on top (another point of failure, but not so likely).
09-14-2008 12:11 AM
You can only implement redundancy mechanisms within your LAN in this instance.
If the provider only supplies one WAN line, there is necessarily a single point of failure in the system. The line has to come in at one point, and in doing so that becomes the single HW point of failure. You can implement redundancy mechanisms further down the path, but short of something that can change the WAN connection at layer-1 in the event of a failure (like a person), there isn't going to be anything you can do in the event that there is a failure on the HW that terminates the line.
09-14-2008 12:41 AM
Hi,
At our current location we have to accept the fact that the line itself is a single point of failure. Getting a second line would not change much (except increasing the bill from our ISP).
This however shouldn't prevent us from securing the gateway further down the path.
So what we're looking for is in fact a redundancy solution inside our LAN.
Would it be possible to setup two 871 routers, and configure a virtual gateway address inside the LAN?
The two routers surely have to be connected to the one (and only) line through a switched solution with a separate address on each device.
How about incoming traffic? Is it possible to use HSRP on the outside as well?