Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
599
Views
0
Helpful
3
Replies

Request suggestion on the Design

acharyr123
Level 3
Level 3

‎08-11-2011 12:21 AM - edited ‎03-04-2019 01:15 PM

Hi,

Kindly find attached the network diagram. I need the below functionality from the proposed setup. Kindly sugegst me with your findings:

Requirement:

1. Both the internet links will be Active/Active

2. I have kept both the link load balancers in Active/Standby mode

3. I have kept both the Perimeter firewalls in Active/Standby mode

4. I have kept both the Internet firewalls in Active/Standby mode

5. Core switches are configured in HSRP

6. All users are connected to core switch via access switches

7. IPS should be placed in In-Line mode & it should inspect outbound internet traffic, traffic destined to DMZ, traffic destined to internet server segment

Kindly suggest if this setup is gona work, also suggest your findings..

Labels:
Preview file
26 KB
0 Helpful
3 Replies 3

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-11-2011 02:16 AM

as a high level it looks ok

however yo mentioned that both Internet edge routers will be working in active/active while the other devices HA will be working in active/standby  jut you need to make sure that the returning traffic from the Internet will take the right path

also make sure that one any device int he path like IPS, FW or a L3 switch gose down the redundant path can handle the traffic load

also the DMZ switches it is better to have them inter connected like other switches in the network so that in the case of uplink down of th primary switch this link can be used to reroute the traffic

have a look at the bellow link for some more details and ideas

Campus Network for High Availability Design Guide

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html

HTH

if helfpul Rate

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to Marwan ALshawi

‎08-11-2011 03:01 AM

Hi,

As said, it looks like high redundancy in this case I would prefer both the Internet facing firewalls in Active/Active mode (high availability) which connected to your HSRP core switches.

And connect your LAN switches (to which your internal servers connected) with two uplinks one to each HSRP core switches so that if on core switch is down in case then the other can take the path.


And what type of those switches? to which your Firewall-1 and Firewall-2 connected (not core switches). If you connect those two switches back to back make sure they will not create any loop as in some cases they will create loop.


Please rate the helpfull posts.
Regards,
Naidu.

0 Helpful

acharyr123
Level 3
Level 3
In response to Latchum Naidu

‎08-11-2011 09:53 AM

Hi Naidu,

The switch before link load balancer is L2, rest all switches are L3 capable.

Rgds,

Partha

111665-winmail.dat.zip
0 Helpful
Customers Also Viewed These Support Documents