REDUNDANCY BETWEEN SITES

lambay2000
Level 2

Hello,

Current Scenario:

HQ site:

Server VLAN replicating data to DR site servers having the same subnet on HQ and DR by doing bridging on the core switch across the WAN between HQ and DR.

TASK TO BE DONE:

The bridging link which terminates on the core will terminate on the firewall, and NATting is the solution for reaching HQ to DR between the same-subnet server VLANs without changing the IP address on the server.

REQUIREMENT:

  1. ORACLE SERVERS ARE HARD CODED TO REPLICATE TO THE SAME SUBNET IP. IF I CHOOSE THE UPPER SOLUTION, THE ORACLE SERVER WILL HAVE TO CHANGE THE REPLICATION IP TO THE VIRTUAL NATTED IP (DR SITE IP ADD), AND THAT IS NOT POSSIBLE; BY THE ORACLE ADMINISTRATOR'S STATEMENT HE HAS TO DO MANY CHANGES.

CAN ANYBODY GUIDE: WITHOUT CHANGING TO THE VIRTUAL NATTED IP, CAN WE REACH THE DR SITE?

6 Replies

Mohamed Sobair
Level 7

Hi,

As I understood, you have a firewall between your 2 bridged networks, and you don't need to NAT to a virtual IP to reach the DR from the HQ.

In this situation, configure your Firewall in transparent Mode instead of Routed Mode, and have all your Bridge Setup not changed with the need of re-addressing IPs.

For more info about configuring the firewall in transparent mode, please refer to the document below:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

Regards,

Mohamed

Hello,

As I understood, you have a firewall between your 2 bridged networks, and you don't need to NAT to a virtual IP to reach the DR from the HQ.

YES, IT WILL BE; STILL NOT IN THE CURRENT SETUP, IT IS TERMINATING ON THE CORE.

The firewall is live for the corporate network. I can't move to transparent mode; it is a huge job, and also many other companies access the corporate network through the outside network.

Thanks

Hello,

If you can't make the firewall transparent, then you need some way to tunnel layer-2 over the WAN.

Have you looked at L2TPv3? With this, you can span all layer-2 traffic over the WAN as well, without the need for readdressing. You simply have to create a GRE tunnel over the firewall between the HQ and DR site and configure L2TPv3. Check the link below:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html

Let me know if you have any other inquiries,

Regards,

Mohamed

Dear Mohammed,

The ISP link which is terminating on my core switch with the current bridging setup will move to the ASA on any of the free interfaces. With the above solution provided by you, will the ASA firewall support the L2TPv3 command?

Thanks

Hello,

No, it won't. However, I know your ASA will be inline and traffic will pass through it after the ISP terminates the link to it. However, you can still do this between your core switch and the DR site.

Create a GRE tunnel between your core and DR, and allow the traffic to pass through the firewall by adding all necessary ACL rules. Create 2 loopbacks between your core and your DR site. Make sure the DR is reaching your core switch directly using the tunnel with the source/destination to be each site's loopback address, then configure L2TPv3 between the core switch and the DR site.

The traffic will still pass by the firewall, so there is no concern; just L2TPv3 over a GRE.

Let me know if you have any other inquiries,

Regards,

Mohamed
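
A configuration sketch of the steps in the reply above, added here as an illustration and not taken from the thread or from Cisco's documents. It takes one reading of those steps (loopbacks as the L2TPv3 endpoints, reached through the GRE tunnel) and assumes the HQ and DR devices run an IOS image that supports L2TPv3; every interface name, ACL name and address is a constructed placeholder.

```cisco
! Constructed example. All names and addresses are placeholders.
! --- HQ core (the DR device mirrors this with the addresses swapped) ---
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
interface Tunnel0
 ip address 172.31.255.1 255.255.255.252
 ! Vlan900 = routed interface facing the ASA (assumed name)
 tunnel source Vlan900
 ! 198.51.100.2 = DR device address reachable through the ASA (assumed)
 tunnel destination 198.51.100.2
!
! Reach the DR loopback only through the GRE tunnel
ip route 10.255.0.2 255.255.255.255 Tunnel0
!
pseudowire-class HQ-DR-L2
 encapsulation l2tpv3
 ip local interface Loopback0
!
! Port carrying the server VLAN toward the DR site (assumed name)
interface GigabitEthernet1/1
 no ip address
 xconnect 10.255.0.2 100 pw-class HQ-DR-L2
!
! --- ASA: permit only GRE (IP protocol 47) between the two tunnel endpoints ---
! 192.0.2.1 = address of Vlan900 on the HQ core (assumed); dr-wan = assumed nameif
access-list DR-WAN-IN extended permit gre host 198.51.100.2 host 192.0.2.1
access-group DR-WAN-IN in interface dr-wan
```

Because the L2TPv3 session rides inside GRE, the ASA sees only IP protocol 47 between the two endpoints and cannot filter or inspect the bridged server traffic, so the GRE rule should stay limited to those two hosts.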

Thanks Mohammed,

Very much appreciate your help,

As you advise L2TPv3, which is very much new for me, I have to read and build a lab setup before going live. Once I finish reading and building the lab, I will post queries regarding the same and also I will rate the post.

Thanks.
