Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
7
Replies

Network design advice

pollux1234567890
Level 1
Level 1

‎03-21-2006 06:35 AM - edited ‎03-03-2019 02:23 AM

I am trying to add redundancy to our network. Currently, we have one ISP connected to one router(2811) wich is in turn, connected to our firewall. I am currently setting up a second ISP going to a second router(2811). I will be running BGP on the routers. What is the best way to connect the routers and the firewall together so as to provide redundency. For now we will only have one firewall but we will be putting in place a backup firewall in about 6 months.

Labels:
0 Helpful
7 Replies 7

ankurbhasin
Level 9
Level 9

‎03-21-2006 07:19 AM

Hi Friend,

You can configure your 2 router's ethernet interface with HSRP config as when you implement HSRP you will get a virtual single virtual ip address and you can keep your one router lan interface as active and second router ethernet interface as standby.

Configure a single static route on your PIX firewall pointing towards that virtual ip address and all will be good to go.

HTH,if yes please rate the post.

Ankur

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ankurbhasin

‎03-21-2006 07:53 AM

HSRP will give redundancy but not provide load sharing across the two ISP connections. Only the active router will be passing traffic to and from the Internet.

Why not just connect the routers on a LAN segment and allow routing (BGP facing externally and whatever internal gateway protocol facing internally) to route according to the best available path?

HTH, please rate helpful posts.

0 Helpful

pollux1234567890
Level 1
Level 1
In response to Marvin Rhoads

‎03-21-2006 08:42 AM

I apologize for not being more specific, my main concern is physical connectivity first. I have attached a bmp with examples.

Preview file
115 KB
0 Helpful

pollux1234567890
Level 1
Level 1
In response to pollux1234567890

‎03-22-2006 05:30 AM

anyone?

0 Helpful

ankurbhasin
Level 9
Level 9
In response to pollux1234567890

‎03-22-2006 08:11 AM

Hi Friend,

Your last diagramme will be perfect.

ISP1 ISP2

! |

! !

router router

! |

!--switch--

|

firewall

You can implememt HSRP on lan interface of your router when you implement hsrp you will configure a virtual ip address which you can use to have a static route on your firewall to reach the router lan interface.

Or you can also implement GLBP.

HTH, if yes please rate the post.

Ankur

0 Helpful

pollux1234567890
Level 1
Level 1
In response to ankurbhasin

‎03-27-2006 01:08 PM

A)So you are saying it is good design practice to have a switch between a firewall and a router. Is't that an additional point of failure?

B) Is it not necessary to have the direct connection between the two routers?

D)Is there any way to get rid of the firewalls in a hosting environment(i.e. combine the switches and firewalls into the same object)?

thanks

0 Helpful

sivakondalarao
Level 1
Level 1
In response to pollux1234567890

‎04-01-2006 04:53 AM

Hi,

Today most firewall vendors are offering ISP load balancing,if it is true in your case, connect two routers to firewall two wan interfaces and enable ISP loadbalancing on firewall

what is your firewall?

Regards

sivakondalarao

0 Helpful
Customers Also Viewed These Support Documents