12-19-2011 03:34 AM - edited 03-04-2019 02:41 PM
Hi
When two routers, models 1941 (main router) and 1841, work connected with HSRP, and a second LAN card is added to each one of them:
If I connect the GE 0/1 and Fe 0/1 of each one of them to FireWall1 (in cluster with FireWall2)
AND
I connect the second LAN (added) of each one to FireWall2 (in cluster with FireWall1)
If FireWall1 fails,
how can router 1941 know to move traffic from GE 0/1 to the second LAN card connected to FireWall2 (which is in charge now, by cluster definition)?
Thanks
12-19-2011 03:49 AM
Hi Ariel, from the firewall's point of view, the firewall cluster knows only one IP address and it doesn't care which device is currently listening on it. I mean, if your firewall default gateway is 1.1.1.1, the HSRP group active router listens on 1.1.1.1, so you can specify which of these routers will be active by configuring standby (group) priority (priority).
On the other hand, router interfaces have to be connected via switched infrastructure to the firewall cluster, or the firewall cluster interfaces which are connected to the routers have to be bridged interfaces, because routers must listen for multicast packets on the interfaces which will form an HSRP group.
Hope this helps
Ali TADIR
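An IOS configuration sketch of the HSRP setup described in the reply above, added here as an illustration and not posted by anyone in the thread. The virtual address 1.1.1.1 and the interface names come from the thread; the group number, the real addresses 1.1.1.2 and 1.1.1.3, the mask and the priority values are assumptions.

```cisco
! --- Router 1941 (intended active router) ---
interface GigabitEthernet0/1
 ! Real address of this router (assumed value)
 ip address 1.1.1.2 255.255.255.0
 ! Virtual gateway address that the firewall cluster points to
 standby 1 ip 1.1.1.1
 ! Higher priority than the peer, so this router becomes active
 standby 1 priority 110
 ! Take the active role back after recovering from a failure
 standby 1 preempt
!
! --- Router 1841 (standby router) ---
interface FastEthernet0/1
 ! Real address of this router (assumed value)
 ip address 1.1.1.3 255.255.255.0
 ! Same group number and virtual address as on the 1941
 standby 1 ip 1.1.1.1
 ! Default priority, lower than the 1941
 standby 1 priority 100
 standby 1 preempt
!
! Both interfaces must share one Layer 2 segment (switch or bridged
! firewall ports) so the HSRP multicast hellos reach the peer router.
! Check the resulting roles on either router with: show standby brief
```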
12-19-2011 05:25 AM
Hi Ali
Thanks for the response
I understand the routers have to be connected via switched infrastructure when each FireWall has only one WAN port,
which is common, but what about the case where the FireWall has many WAN ports, e.g. Link Balancing + FireWall enabled?
For example, as in the picture below, a Barracuda Link Balancer with five WANs for balancing (I think the maximum is six).
Each one has two WANs, one for each router (1941 and 1841), and the remaining three WANs for three ADSL backups
(in the picture Adsl2, Adsl3, Adsl4).
Could this scenario work?
Thanks again