Redundant connections

Unanswered Question
May 10th, 2010

Ok so I often come across clients that have a terminal service hosted at their main office, and have multiple branch offices connecting to it.

Obviously if something goes wrong in the main office all the branches shutdown, what I would like to do is create a solution that can either provide multiple links for increased bandwidth or simply a backup link.

Since our clients are super cheap we are stuck with 877s, however I am trying to sell them a 1900 with either ADSL/ADSL or ADSL/3G

My current plan if we can not sell the 1900 is to use the 877s and attach a 3G router to a Fast Ethernet port, however my question is how can I tell the router to automatically use this link when its dialer interface fails.

Sorry for the mess of a post, having a huge head ache at the moment but to sum up the questions;

  • Can I use the Fe ports on the 877 as a second WAN port (separating the ports by VLANs etc)
  • If a client buys a 1900 with 2xADSL links is it possible to combine the links? (I use Tunnel IPSEC interfaces and want these to run over the combined links)
  • With a SVTI (IPSEC) if a link fails from ADSL to 3G the source IP will change, is there a way to set this to change when the primary WAN fails?
  • Is there anyway to add a extra layer of redundancy to the router its self?
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Paolo Bevilacqua Mon, 05/10/2010 - 06:56
  • Can I use the Fe ports on the 877 as a second WAN port  (separating the ports by VLANs etc)

Yes, need Advanced IP services image.

  • If a client buys a 1900 with  2xADSL links is it possible to combine the links? (I use Tunnel IPSEC  interfaces and want these to run over the combined links)

No, it is not possible.

  • With a  SVTI (IPSEC) if a link fails from ADSL to 3G the source IP will change,  is there a way to set this to change when the primary WAN fails?

Yes,there are multiple way to do that.

  • Is  there anyway to add a extra layer of redundancy to the router its self?

No.

jamesitsolutions Tue, 05/11/2010 - 03:51

p.bevilacqua wrote:

  • Can I use the Fe ports on the 877 as a second WAN port  (separating the ports by VLANs etc)

Yes, need Advanced IP services image.

  • If a client buys a 1900 with  2xADSL links is it possible to combine the links? (I use Tunnel IPSEC  interfaces and want these to run over the combined links)

No, it is not possible.

  • With a  SVTI (IPSEC) if a link fails from ADSL to 3G the source IP will change,  is there a way to set this to change when the primary WAN fails?

Yes,there are multiple way to do that.

  • Is  there anyway to add a extra layer of redundancy to the router its self?

No.

I use the 12.4 AdvIPServices IOS, how do I go about splitting the Fe ports? The only concept I've come up with is to set the Fe ports to different VLANs?

My current thinking is to use just 2xADSL links put 50% of the VPN tunnels on each and if a link fails the lost tunnels will just reroute around the network. However what is the best way to have it so other traffic is evenly distributed between the links?

If I deploy a ADSL/3G solution how would I go about creating the fail over system?

Paolo Bevilacqua Tue, 05/11/2010 - 03:58

Answer is yes to all you questions. VPN redundancy is not a simple matter, can be done in more than one way, and you should take it up with a reputable consultant, or certified cisco partner.

jamesitsolutions Tue, 05/11/2010 - 04:09

p.bevilacqua wrote:

Answer is yes to all you questions. VPN redundancy is not a simple matter, can be done in more than one way, and you should take it up with a reputable consultant, or certified cisco partner.

Thank you for your response, however I was actually seeking direction with either references or sample configurations on how to complete the following;

  • How do I split the Fe ports on a 877?
  • How do I utilise both WAN links for general internet traffic? (This is not relating to the VPN links just TCP/UDP traffic)
  • Can you provide some examples of methods people use for a failover WAN?

I assume the first 2 questions are basic configurations compared to the last question.

Paolo Bevilacqua Tue, 05/11/2010 - 04:24
  • How do I split the Fe ports on a 877?

As you indicated above.

  • How do I utilise  both WAN links for general internet traffic? (This is not relating to  the VPN links just TCP/UDP traffic)

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080950834.shtml

  • Can you provide some  examples of methods people use for a failover WAN?

You can look into the security configuration examples section. However, I recommend you engage a professional.

Actions

This Discussion