Two DS3s on separate routers

Unanswered Question
Jan 13th, 2010

Hi,

I am looking for some advice on adding an additional DS3 to my network. Here is my current setup.

I have a 3845 with a T3 card connected to Verizon. The 3845 then connects to a 5540 ASA which hosts my internal network and two DMZs. NATing is performed on the ASA to the /25 that was provided by Verizon.

So, outbound traffic goes through the network, hits the ASA, is NATed and sent out the T3 router.  Inbound traffic (for mail, www, etc) comes in through the 3845, is sent to the ASA and translated.

Recently we ordered another T3 (tiered at 12Mbps, also from Verizon). This T3 is not connected to the same router since it comes into a different building on the campus. It also came with more address space (/26). How should I configure these routers and firewall to be redundant? The problem I see is that if the ASA is NATing, it will have to send traffic to only the router that has the associated subnet.

Do I need to move NATing to the routers? For outbound traffic I would like both links to be used, not simply failover. I know that for inbound traffic I will most likely have to peer with my ISP and tell them to fail over to the other circuit if the main one goes down.

Any help would be appreciated.

I have included a diagram to try and explain the situation.

Thanks

Reza Sharifi Wed, 01/13/2010 - 17:29

Hi Steve,

Is there or can there be a connection between the new router and the existing 3845?

Also, is the new router connected to the same firewall or a different one?

Reza

MTCITDEPT_2 Wed, 01/13/2010 - 17:33

Reza,

Thanks for the response.

There could be a network put in place between the two routers. I could set up a /30 between the two. As far as the ASA, I was thinking about having both plug into the same ASA because this is where I have all of my NATing and this ASA is the default route from my core; however, I could add an ASA if this would be better.

Reza Sharifi Wed, 01/13/2010 - 18:01

Steve,

The best way to achieve failover and load balancing is by using a dynamic routing protocol like BGP with your service provider. You would also need to connect the 2 routers together and run IBGP in between to accommodate failover. By default BGP will load balance, but it is never 50/50. You may see one link at 70 and the other one at 30.

Please have a look at this document for more info:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#conf2

HTH

Reza
