I'm having issues understanding a way to get around a dual-site, dual-ISP scenario with firewalls/NAT.
A couple issues that come to play:
- Outbound: if each site were to route out of its local firewall with its local public IP, then no worries. If you have a shared public IP block between both ISPs, then traffic might route back via the other ISP, eventually hitting your other site and firewall. Without a session already created, the firewall would drop the packets.
- Inbound: how do you protect static services such as a web server or email? If your MX record is pointing to ISP1 and ISP1 goes down, yeah, you could have another record point to your other public IP. However, many are going to have this record cached, so they will try to go to your ISP1 public IP for your SMTP. Even if it's not cached, how will your outside DNS server or a hosted DNS solution know that site is down?
One could argue that you could have another link between sites, where all traffic would be routed to the main firewall (unless it went down), but then you have all inbound traffic going to one site/one firewall, not to mention you have to come up with this other link between them.