Fully Redundant Network Design
Hi Everyone
First of all I realise this topic will relate to both design, R&S and Security, but I thought this would be the best section to put it.
I'm designing a fully redundant network for a customer with a stackable core switch, and two ASA Firewalls doing Active/Standby failover. - I have done this many times before, but I have never had a customer with two ISPs requiring automatic failover in case one ISP becomes unavailable..
I have made a very well hand painted drawing of what my design looks like based on just one ISP.. But how would you accomplish full ISP redundancy in case internet availability becomes unavailable on the primary link?
I imagine it would have something to do with IP SLA. - But then again what would happen to site-to-site VPN connections, or remote clients connecting to VPN through AnyConnect and so on?
I simply do not see an easy or automatic way of doing this..
Can someone point me in the right direction? And if you know any tutorials, guides or blog entries anywhere about this, please be kind to link them below, thank you
Comments

shortstop20 Member Posts: 161
BGP is going to be your best bet.
You can do it other ways, but you'll see situations where ISP 1 is "up" but you're unable to get to certain sites for various reasons, like an upstream provider that ISP 1 peers with is having problems.
CCNA Security - 6/11/2018
CCNP TShoot - 3/7/2018
CCNP Route - 1/31/2018
CCNP Switch - 12/10/2015
CCNA R/S - 1/14/2015

joetest Member Posts: 99
All this BGP stuff is fine. But you can do with what you thought yourself.
A couple of default routes and an IP SLA. The question is.. are the VPNs as important as the internet itself to this company?
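
Added example, not part of the thread and not any poster's configuration: the "couple of default routes and an IP SLA" approach mentioned above, written as ASA static route tracking. The interface names `outside` and `backup`, the SLA and track IDs, and all addresses (documentation ranges) are assumptions. It probes a single target, so it has the limitation shortstop20 describes, where an ISP is "up" but some destinations are unreachable.

```cisco
! Assumed: "outside" = ISP 1 (primary), "backup" = ISP 2 (secondary).
! Assumed placeholder addresses from documentation ranges:
!   203.0.113.1   ISP 1 next hop
!   198.51.100.1  ISP 2 next hop
!   192.0.2.10    probe target reachable only through ISP 1
!
! Probe the target through the primary interface every 5 seconds,
! 3 echo requests per probe, 1000 ms timeout.
sla monitor 10
 type echo protocol ipIcmpEcho 192.0.2.10 interface outside
 num-packets 3
 timeout 1000
 frequency 5
sla monitor schedule 10 life forever start-time now
!
! Track object 1 follows the reachability result of SLA operation 10.
track 1 rtr 10 reachability
!
! Primary default route is installed only while track 1 is up.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
! Floating default route: higher administrative distance, so it is used
! only when the tracked route has been withdrawn.
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
!
! Not shown: NAT and access rules for the "backup" interface, which must
! mirror the ones on "outside" for traffic to pass after failover.
!
! Verification after applying:
!   show track
!   show sla monitor operational-state
!   show route
```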