Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
927
Views
0
Helpful
6
Replies

Cisco Routers Redundancy

Go to solution
telesymbol
Level 1
Level 1

‎11-11-2022 10:30 AM

Dear All,

we've four Cisco ISR 4331 routers (2 for WAN & 2 for Internet) and two FTD 2130 Firewalls for edge security. we're studying design scenarios for connectivity between those devices. And planning to configure first hop redundancy protocols like HSRP\VRRP between the two WAN & Internet redundant routers. please advice on the attached connectivity diagram or a better option.

Best Regards 

 

Preview file
141 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP

‎11-12-2022 01:53 AM - last edited on ‎11-15-2022 12:58 AM by Community Manager

simple 
start from FW, config active/standby failover.
config in active FW two OUT
OUT1 share same subnet with WAN routers 
OUT2 share same subnet with Internet routers 
config static route in FW as following 


static route OUT1 toward the VIP of HSRP group (HSRP group of two WAN routers )
static route OUT2 toward the VIP of HSRP group (HSRP group of two internet routers)



config HSRP group in both WAN routers and Internet routers and also config NAT HSRP aware. 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-11-2022 10:36 AM

Looks reasonable - but question here, the switch is VSS ? or vPC or stack ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
telesymbol
Level 1
Level 1
In response to balaji.bandi

‎11-11-2022 10:59 AM

Thanks for the response

The switch between routers and firewalls is just an access switch with separate vlans for WAN & Internet.

the core switches (stackwise virtual) will connect to the firewalls, which are not shown on the diagram

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to telesymbol

‎11-11-2022 04:28 PM

thank you for the clarification, one of the things to understand here, is the RED line and Blue line, is you mean to say, that traffic is separate ? or just for reference?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
telesymbol
Level 1
Level 1
In response to balaji.bandi

‎11-11-2022 06:18 PM

used blue lines to refer to WAN interfaces and Red lines refer to Internet interfaces. And HSRP\VRRP is planned to be configured between routers for redundancy. 

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to telesymbol

‎11-12-2022 03:23 PM

So your routing is based on where the Traffic has to go, Hope you managing the routing aspects.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎11-12-2022 01:53 AM - last edited on ‎11-15-2022 12:58 AM by Community Manager

simple 
start from FW, config active/standby failover.
config in active FW two OUT
OUT1 share same subnet with WAN routers 
OUT2 share same subnet with Internet routers 
config static route in FW as following 


static route OUT1 toward the VIP of HSRP group (HSRP group of two WAN routers )
static route OUT2 toward the VIP of HSRP group (HSRP group of two internet routers)



config HSRP group in both WAN routers and Internet routers and also config NAT HSRP aware. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card