internet fail over issue

mpate1311
Level 1

Dear Expert,

Hope you are doing well!

I have two firewalls, a 5512 and a 5506, at the main site and the non-main site respectively. The main site has a 3750 switch which is connected to the firewall (5512), and the firewall connection goes to the ISP directly; it is the same situation at the non-main site, which goes to the same ISP from the non-main site location. The two 3750 switches on both sides are connected by a 10 Gb fiber link.

My issue is: if the firewall link to the ISP at the main site goes down, then users connected at this site should use the internet over the 10 Gb fiber with the help of the switches, which have a routing table and would come to know that the internet link has gone down and route all the traffic via the fiber link connected to the non-main site, and the non-main site would provide the internet connection to the main site users via the fiber link. How do I configure failover with the help of the CLI?

Looking forward to hearing from you guys!!

thanks,

maulik

1 Reply

Philip D'Ath
VIP Alumni

You are asking for quite a bit of help here ...

On the two firewalls, I would enable RIPv2 and have it advertise the default routes. Assuming they are static, and that the 10GbE link between the sites is a point-to-point layer 2 link that is being routed over by the 3750s, you would use something like the below, where a.b.c is your inside network in both cases. If any of this is not the case, please post a topology.

router rip
 network a.b.c.0
 passive-interface outside
 redistribute static
 version 2
 no auto-summary

Then enable dynamic routing on all your 3750s. The "a.b.c" should be a VLAN facing toward the local firewall; d.e.f should be the network facing toward the remote site.

router rip
 network a.b.c.0
 network d.e.f.0
 version 2
 no auto-summary

Now you should be able to delete any static default route and, within about 30 s, see a dynamic default route appear with "show ip route" on the switches, pointing to the local firewall.

Get yourself to this point.  Then you need a lot of firewall changes for NAT and possibly access control lists.
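A filled-in version of the two configurations above for the main site, as an added example that is not part of the reply; all addresses (203.0.113.0/30 to the ISP, 10.1.1.0/24 inside, 10.9.9.0/30 on the inter-site link) are constructed. Two pieces go beyond the reply and are assumptions from the ASA and IOS reference syntax: a tracked static default route, so the ASA actually withdraws (and stops redistributing) its default when the ISP next hop stops answering even if the outside interface stays up, and RIP MD5 authentication on the inside/inter-site interfaces so only the intended neighbors can inject a default route.

```cisco
! ---- Main-site ASA 5512 (constructed addresses) ----
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet0/1
 nameif inside
 ip address 10.1.1.1 255.255.255.0
 rip authentication mode md5
 rip authentication key RIPSECRET key_id 1
!
! Addition: withdraw the static default when the ISP gateway is unreachable,
! otherwise "redistribute static" keeps advertising a dead default route.
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
!
router rip
 network 10.1.1.0
 passive-interface outside
 redistribute static
 version 2
 no auto-summary

! ---- Main-site 3750 (constructed addresses) ----
ip routing
key chain RIP-KEYS
 key 1
  key-string RIPSECRET
interface Vlan10
 description to local ASA inside
 ip address 10.1.1.2 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
interface TenGigabitEthernet1/0/1
 description 10G fiber to non-main-site 3750
 no switchport
 ip address 10.9.9.1 255.255.255.252
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
router rip
 version 2
 network 10.1.1.0
 network 10.9.9.0
 no auto-summary
```

The non-main site mirrors this with its own inside subnet and 10.9.9.2/30; each switch then learns two default routes and prefers the local firewall (1 hop) over the one relayed by the remote switch (2 hops), and "show ip route 0.0.0.0" on the switch shows which one is active after a failure. As the reply says, the non-main ASA must also NAT and permit the 10.1.1.0/24 traffic arriving on its inside interface before the failover path carries real sessions.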
