Need your help on dual-homed internet connectivity design.
Please refer to the attached diagram and the following design requirements:
• We have our own APNIC range public IP addresses, let's say /24 ranges A and B
• Router 1 connects to service provider 1 and Router 2 connects to service provider 2
• With both SPs we decided to run BGP sessions and advertise both APNIC ranges to both SPs
• We NAT or PAT our internal IPs at a dedicated firewall with the APNIC IPs
• We segregate Internet browsing and project traffic at the firewall (APNIC range A for projects and APNIC range B for Internet browsing)
• The VPN concentrator is to be connected on the DMZ interface of the firewall, with the outside interface of the concentrator towards the Internet router.
• The VPN connector will be used for some project traffic.
We need to meet the following requirements:
• Project-specific traffic needs to go primarily via Service Provider-1, and when the primary fails it should go via Service Provider-2
• Auto failover is strongly recommended for project-specific traffic.
• Internet browsing traffic should go via Service Provider-2 only. We are OK if SP-2 fails and browsing stops.
Yes… this requirement would need policy-based routing, maybe at the router or at a switch before the router.
Need your help to get the best design which meets the requirements.
Thanks in advance