Cisco Support Community
New Member

HW recommendation and advice on optimal setup

I have two requirements:

  1. Security
  2. Failover/redundancy

Related information:

  1. 6 external links:
    1. 4 DSL from 4 different ISPs (2 mbps up/down)
    2. two point to point microwave links (15 mbps up/down)
  2. Public access services:
    1. Webservice, should be set to failover between 4 DSL
    2. X service, should be set to failover between two microwave links. (will consume 10 mbps up/down)
  3. LAN related services:
    1. AD
    2. DNS
    3. etc..

Initial thoughts:

  1. SLA tracking for ISP to satisfy failovers
  2. HW failover between two Cisco appliances for HW failures.
  3. Three different DMZs:
    1. webservice related servers
    2. X service related servers
    3. LAN related servers
  4. No ideas whatsoever when it comes to security (IPS, IDS, etc.)

Any recommendation or advice would be appreciated.

Accepted Solutions

HW recommendation and advice on optimal setup

You could probably accomplish what you want using two devices.

  1. Security
  2. Failover/Redundancy for 6 links

Basically attach the 6 connections to the RV016 and then attach the RV016 to the ISA WAN1.  I would recommend managing all your NAT/PAT on the ISA in this configuration.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

3 REPLIES

New Member

HW recommendation and advice on optimal setup

Thank you for taking the time to read and respond to my post.

That's a very interesting suggestion you have there. I hope you don't mind if I have a couple of questions to clear things up for me?

1. Does the RV016 support separate failovers?

In other words, even though I have 6 links, they're separated into 3 pools:

     - First pool: 2 DSL links. ( 2 mbps up/down each)

     - Second pool: 2 microwave links (15 mbps up/down each)

     - Third pool: 2 DSL links ( 2 mbps up/down each)

Each pool should only fail over to its members, and each pool has a specific source from within the internal interfaces. In other words:

First pool: Webservice

Second pool: X service

Third pool: VPN and LAN internet access

2. Is ISA replacing ASA as the SMB solution? I read that it doesn't have a CLI interface; how configurable is it? And can it expand to withstand more modules if need be?

HW recommendation and advice on optimal setup

Happy to help.  I will be candid in that I have not used the RV016 yet.  That said, please see page 75 (Multi-WAN) of the admin guide.

http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf

It states:

"IP Group (By Users): Select this option to group traffic on each WAN
interface by priority levels or classes of service (CoS). With this feature, you
can ensure bandwidth and higher priority for the specified services and
users. All traffic that is not added to the IP Group uses Intelligent Balancer
mode. To specify the services and users, click the Edit icon for the WAN
interface and then add protocol binding entries for each service, IP address,
or range of IP addresses."

This would lead me to believe that you can accomplish what you are wanting to by using CoS and IP Group.

As for the ISA question: I'm a long-time user of the ASA, and the PIX before it.  The ISA is not a replacement for the ASA in any fashion.  It's directed at a different target audience.  That said, I've been very impressed with how functional it is.  There are some things it can't do (like NONAT).  However, for the most part it's very similar to the ASA in how it uses Address/Service Objects/Groups, NAT/PAT, Static NAT, Access Rules, etc.  It doesn't have a CLI.  It doesn't have an Active/Standby option; however, it does support VRRP.  To answer your last question, it doesn't have a modular capability to support expansion.  As I said at the beginning, I'm very impressed with it though.  You can take a look at the emulator if you want.  It's located here:

http://www.cisco.com/assets/sol/sb/isa500_emulator/index.htm

Shawn Eftink
CCNA/CCDA
