
HSRP of two completely different connections

chasm_Ger
Level 1

Hello,

I'm not completely involved with HSRP. We have two WAN connections with completely different IP addresses, VPNs, port forwardings, and access-lists.

Both connections end in the same rack. Our two routers (2811) are connected via a Cisco gigabit switch. The provider connections will also be connected to this switch.

Is it possible to configure the routers with the standby commands to have redundancy?

I mean, if one router fails, the other router should do its job like before, but also take over the job of the failed router as well.

Both have internal LAN addresses (192.168.105.254 and 192.168.105.253).

How can we manage that the router will activate the access-list for the "standby" connection? We have configured both access-lists on both routers.

I hope I have mentioned all information needed for an answer.

Best regards

chasm


mheusinger
Level 10

Hello,

What you are saying is that if one router fails, the other should provide the functionality of both routers working separately now.

This means you should first test whether one router can be configured to do everything both routers do now. If this is the case, then a standard HSRP configuration with interface tracking should give you redundancy. Be aware, however, that HSRP is not meant to provide load sharing. Usually one router is active and the other one is idle unless the active one fails.

Another question is what your IP routing looks like. HSRP is more meant to deliver a redundant default gateway to a host than to have redundant internet connections with VPNs and the like. It might be possible though.

There may be other options like dynamic routing in your case, but without more detailed information about the complete IP routing solution in your case this cannot be answered easily.

Hope this helps! Please rate all posts.

Regards, Martin
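
A sketch of the "standard HSRP configuration with interface tracking" mentioned in the reply above, as an added example that is not part of the original thread. It goes one step further and uses two HSRP groups so that each router is normally active for one of the LAN addresses from the question (192.168.105.254 and 192.168.105.253). The /24 mask, the physical addresses .251/.252, FastEthernet0/0 as the WAN interface and the key string are assumptions.

```cisco
! Constructed example, not taken from the routers in this thread.
! Assumed: LAN = FastEthernet0/1, WAN = FastEthernet0/0, /24 LAN mask,
! physical LAN addresses .251 / .252, <HSRP-KEY> is a placeholder.
!
! ----- Router 1 -----
interface FastEthernet0/1
 description LAN
 ! HSRP needs a real interface address in the same subnet as the virtual IPs
 ip address 192.168.105.251 255.255.255.0
 ! Group 1: virtual gateway .254, normally active on router 1
 standby 1 ip 192.168.105.254
 standby 1 priority 110
 standby 1 preempt
 ! Authenticate hellos so only the two routers can take part in the group
 standby 1 authentication md5 key-string <HSRP-KEY>
 ! If the WAN link goes down, drop to 90 so router 2 (100) takes over
 standby 1 track FastEthernet0/0 20
 ! Group 2: virtual gateway .253, router 1 is the backup
 standby 2 ip 192.168.105.253
 standby 2 priority 100
 standby 2 preempt
 standby 2 authentication md5 key-string <HSRP-KEY>
!
! ----- Router 2 -----
interface FastEthernet0/1
 description LAN
 ip address 192.168.105.252 255.255.255.0
 ! Group 1: router 2 is the backup for .254
 standby 1 ip 192.168.105.254
 standby 1 priority 100
 standby 1 preempt
 standby 1 authentication md5 key-string <HSRP-KEY>
 ! Group 2: virtual gateway .253, normally active on router 2
 standby 2 ip 192.168.105.253
 standby 2 priority 110
 standby 2 preempt
 standby 2 authentication md5 key-string <HSRP-KEY>
 standby 2 track FastEthernet0/0 20
```

`show standby brief` on each router shows which one is currently active for each group. HSRP only moves the virtual LAN addresses; access-lists, NAT and VPN settings stay bound to the interfaces they are configured on.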

Hello Martin,

I will try to explain the situation in more detail.

The location is a data center where we have rented two racks. In one rack, both routers and the gigabit switch are installed. The router of one provider (t-com) is installed in this rack as well. The connection from the other provider (it's the owner of the data center) comes via cable into the rack.

So as I said, there are two completely different WAN connections. Our idea or wish is, if one of the routers fails, the other one should handle the WAN connection - and all the other stuff the failed router did - as well. Therefore I configured both routers in duplicate. I named all configuration parts with prefixes (access-list extended provider1_incoming, access-list extended provider2_incoming, nat pool provider1 and so on).

You asked about routing; this happens as well:

Port forwardings - I have duplicated them.

On the server I will configure the official IP addresses of the subnet of the providers.

We have an official 16-IP-address subnet from provider1 and an official 8-IP-address subnet from provider2. The routers will have one official IP address from the subnet.

If the server gets an official IP address, I will configure the official router IP address as gateway.

If the server only gets an internal IP address, I will configure the internal router IP address.

Up to this point, everything is clear to me. But as I wrote, I have on every router the ACLs provider1_incoming and provider2_incoming. How can I manage that the router will adopt the correct access-list if the other router fails?

Thanks for your help

Matthias

Hello,

I will try again. This time with a picture.

As you can see in the picture, we have two WAN links from two different carriers that terminate in our rack.

We have a Cisco Catalyst gigabit switch. The carrier equipment is connected to the switch like our routers. I will configure a VLAN so that only the carrier equipment and our two routers can communicate.

From both carriers we got official subnets. The carrier2 (picture) has an extra official transport subnet (/30) between its L3 switch and our router2. The official subnet for our webservers is routed by the carrier to our router2, which has one of the official IPs on its "inner" interface.

The other WAN link has no extra transport subnet. The router of carrier1 has the first official IP address out of our official subnet.

What we want to reach is redundancy if one router fails. The other router should do its job as before, but additionally do the job of the failed router.

Therefore we have to manage the official IP addresses of both routers and the internal IP addresses of both routers with HSRP, so we don't have to change routes on the servers behind.

If router1 fails, router2 should have the LAN IP of router1 and the WAN IP of router1 in addition to its own IP addresses.

Is it possible, if fa0/1 is the LAN interface, that I do not have to configure an IP address on this interface? Example:

int fa 0/1
 no ip address
 standby 1 name LAN1
 standby 1 ip 192.168.100.254
 standby 2 name LAN2Backup
 standby 2 ip 192.168.100.253 (secondary???)
 standby 2 priority 100

Will this do what I expect it to do?
