Fully Redundant Network Design

Hi Everyone

First of all i realise this topic will relate to both design, R&S and Security, but i thought this would be the best section to put it.

I'm designing a fully redundant network for a customer with a stackable core switch, and two ASA Firewalls doing Active/Standby failover. - I have done this many times before, but i have never had a customer with two ISP's requiring automatic failover in case one ISP becomes unavailable..

I have made a very well hand painted drawing of what my design looks like based on just one ISP.. But how would you accomplish full ISP Redundandy in case internet availability becomes unavailable on the primary link?
I imagine it would have something to do with IP SLA. - But then again what would happen to site-to-site VPN Connections, or remote clients connecting to VPN through Anyconnect and so on?
I simply do not see an easy or automatic way of doing this..

Can someone point me in the right direction? And if you know any tutorials, guides or blog entries anywhere about this plbe kind to link them below, thank you

13582235_1094612653915827_384747223_o.jpg

Find more posts tagged with

Comments

wrwarwick

With two ISPs you probably want to look into setting up BGP.

shortstop20

BGP is going to be your best bet.

You can do it other ways, but you'll see situations where ISP 1 is "up" but you're unable to get to certain sites for various reasons, like an upstream provider that ISP 1 peers with is having problems.

chmod

BGP dual homing is what you need.

joetest

All this BGP stuff is fine. But you can do with what you thought yourself.

A couple of default routes and an IP SLA. The questions is.. are the VPNs as important as the internet itself to this company?