Fully Redundant Network Design

nb-nb- Posts: 40Member ■■□□□□□□□□
Hi Everyone

First of all i realise this topic will relate to both design, R&S and Security, but i thought this would be the best section to put it.

I'm designing a fully redundant network for a customer with a stackable core switch, and two ASA Firewalls doing Active/Standby failover. - I have done this many times before, but i have never had a customer with two ISP's requiring automatic failover in case one ISP becomes unavailable..

I have made a very well hand painted drawing of what my design looks like based on just one ISP.. But how would you accomplish full ISP Redundandy in case internet availability becomes unavailable on the primary link?
I imagine it would have something to do with IP SLA. - But then again what would happen to site-to-site VPN Connections, or remote clients connecting to VPN through Anyconnect and so on?
I simply do not see an easy or automatic way of doing this..

Can someone point me in the right direction? And if you know any tutorials, guides or blog entries anywhere about this plbe kind to link them below, thank you icon_lol.gif

Comments

  • wrwarwickwrwarwick Posts: 104Member
    With two ISPs you probably want to look into setting up BGP.
  • shortstop20shortstop20 Posts: 161Member ■■■□□□□□□□
    BGP is going to be your best bet.

    You can do it other ways, but you'll see situations where ISP 1 is "up" but you're unable to get to certain sites for various reasons, like an upstream provider that ISP 1 peers with is having problems.
    CCNA Security - 6/11/2018
    CCNP TShoot - 3/7/2018
    CCNP Route - 1/31/2018
    CCNP Switch - 12/10/2015
    CCNA R/S - 1/14/2015
  • chmodchmod Posts: 360Member ■■■□□□□□□□
    BGP dual homing is what you need.
  • joetestjoetest Posts: 99Member ■■□□□□□□□□
    All this BGP stuff is fine. But you can do with what you thought yourself.

    A couple of default routes and an IP SLA. The questions is.. are the VPNs as important as the internet itself to this company?
Sign In or Register to comment.