Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
949
Views
0
Helpful
5
Replies

HSRP design question

Go to solution
Scott Brien
Level 1
Level 1

‎10-24-2011 04:51 PM - edited ‎03-04-2019 02:02 PM

Hi,


I have recently undertaken a project for which i am to re-design our border network for our customers and infrastructure.

The design which i have in mind is as follows:

1) Customer WAN comes in on layer 2 on our customer agg switch and terminates in their own VFW where they can access the infrastructure required

2) a /30 public address space is assigned with 1 address on the outside IF of the VFW and the other on our border router which is connected via a trunk to our core switches.

My issue here is how we are to configure redundancy between our 2 border routers which are geographically seperated over a L2 WAN.

The border routers are multihomed HSRP would need to be active standby not load sharing.

Any assistance/thoughts would be appreciated on this one.

Thanks,
Scott

Labels:
Preview file
818 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kishore Chennupati
Level 7
Level 7
In response to Scott Brien

‎10-24-2011 08:55 PM

Hi Scott,

Thanks for that.  pretty kool pic

Now, with /30 its hard to get the HSRP get going. If you have a /29 subnet, that would help. I know that would be a big ask especially when dealing with public ip adresses . But hey you can probably convince the business by saying you can have another firewall and run both the firewalls in a failover pair or something to somehow put the /29 to use.

In my honest opinion I dont think we can achieve HSRP in your current environment with /30's. I can only recommend BGP between these 2 if you can afford another /30 instead of a /29

HTH,

Regards,

Kishore

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Kishore Chennupati
Level 7
Level 7

‎10-24-2011 06:25 PM

Hi scott,

Do u have a diagram that you can put in here so we can get a better picture?

Regard,

Kishore

0 Helpful

Go to solution
Scott Brien
Level 1
Level 1
In response to Kishore Chennupati

‎10-24-2011 08:13 PM

  i have attached a cut down version of my diagram, should help paint a picture.

0 Helpful

Go to solution
Kishore Chennupati
Level 7
Level 7
In response to Scott Brien

‎10-24-2011 08:55 PM

Hi Scott,

Thanks for that.  pretty kool pic

Now, with /30 its hard to get the HSRP get going. If you have a /29 subnet, that would help. I know that would be a big ask especially when dealing with public ip adresses . But hey you can probably convince the business by saying you can have another firewall and run both the firewalls in a failover pair or something to somehow put the /29 to use.

In my honest opinion I dont think we can achieve HSRP in your current environment with /30's. I can only recommend BGP between these 2 if you can afford another /30 instead of a /29

HTH,

Regards,

Kishore

0 Helpful

Go to solution
Scott Brien
Level 1
Level 1
In response to Kishore Chennupati

‎10-24-2011 09:02 PM

Hi Kishore,

Thanks for that!

Yeah that’s what I was thinking, I am working on allowing the /29 vs dynamic routing, I like that idea of fw, we have a 2nd FWM waiting to be licensed.

Thanks for your help on this one.

Appreciated.

Scott

0 Helpful

Go to solution
Kishore Chennupati
Level 7
Level 7
In response to Scott Brien

‎10-24-2011 09:45 PM

No worries. glad to be of help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card