09-06-2002 01:29 AM - edited 03-02-2019 01:10 AM
Hi.
I have 2 Cisco 3640 (Cisco1 & Cisco2) connected to a firewall (static routing) and behind it there is a DMZ. A group of customers are connected to Cisco1 and other group is connected to Cisco2. In case that Cisco 1 goes down , how can I change the route to Cisco 2.?
Any suggestion?
Thanks
09-06-2002 04:35 AM
In case cisco1 goes down, how will you be able to connect to the customers that are connected to it? The customers must be connected to both routers then, correct? If that is the case, then use MHSRP (cisco1 is active for 1 group of clients and backup for the other group and cisco2 vice versa) on the routers.
Let me know if I misunderstood the design.
Steve
09-06-2002 04:46 AM
Hi Steve.
All customers are connected through PRI, in case that PRI1 or Cisco1 goes down then all ISDN calls are redirected (In TELCO switch) to PRI2 of Cisco2.
and viceversa.
Both routers have the same configuration.
Manel
09-06-2002 04:51 AM
Then yes, use HSRP on the routers (firewall's static route will point to the virtual IP that the 3640s will share - when one goes down the other takes over that IP).
Steve
09-06-2002 05:04 AM
Is similar HSRP to VRRP.?
First I thought to work with VRRP but this protocol is only supported in 7500 and 12000 platforms.
Manel.
09-06-2002 05:52 AM
Yes they are similar. Here is a quick link on it.
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm
Steve
09-06-2002 07:17 AM
It seems that is the solution , but I've got a new question, sorry.
If I have an active router with PRI1 and a standby router with PRI2 and PRI2 goes down. What happens?
I think the the solution would be to work with MHSRP :
Group 1 (Cisco1 active,Cisco 2 standby)
Group 2 (Cisco 1 standby, Cisco2 active)
But this method MHSRP is not suitable with 3600. Is it correct?
Manel
09-06-2002 07:47 AM
I have used the MHSRP on 7200 series only.
Several Ethernet (Lance and QUICC) controllers in low-end products can only have a single unicast MAC address in their address filter. On these platforms only a single HSRP group is permitted, and the interface address is changed to the HSRP virtual MAC address when the group becomes Active.
If the 3600 doesn't support it, try using subinterfaces and have one group on one subinterface and the second on a second subinterface. I haven't tried this, so if you have a lab, but it may work.
Another alternative is to put a layer 3 switch (eg 2948G-L3) inbetween the 3600s and the firewall and have the firewall point to the switch, and the switch route between the 2 routers and itself. More expensive but will work.
Steve
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide