
Routing protocol implementation question

Chris Driggers
Level 1

Say you have a network based out of Atlanta, with approximately 25 remote branch offices. The offices are connected back to Atlanta through a Sonicwall hardware VPN over the Internet. The Sonicwall at each site is currently the default gateway.

Each site also has a 32k Frame Relay connection via a Cisco router back to Atlanta. This is to be used for backup purposes in case the Sonicwall goes down.

The goal is to have hands-off failover. I'd like to have the remote sites change the default gateway to the Cisco router IP and have the router set up to automatically route traffic over the Frame Relay when the Sonicwall is down. The Sonicwall is RIP v1 capable.

Since there are two ways of getting to the same network, I'm not exactly sure which routing protocol would be best and how to best implement it. I had some ideas but they haven't worked in practice. Does anyone have any tips for me?

5 Replies

thisisshanky
Level 11

Chris,

The new Sonicwalls (depending upon model number) can run OSPF also. Again, the problem is that your hosts behind the LAN need to sense a WAN link failure and then shift traffic forwarding to the frame router (which is a Cisco router - good). Typically failover can be implemented between two LAN devices using protocols such as HSRP (Cisco proprietary) or VRRP (IEEE standard). Does the Sonicwall support VRRP? (I couldn't find any ref. to this at their website.) This will enable us to specify one IP address (virtual IP) as default gateway for the clients, and when one router fails (or the WAN link on that router fails), the other router will take over.

Also, can the Sonicwall support RIP v1 over the VPN link?

Another workaround for LAN failover is to use the frame router as default gateway (this Cisco router should have at least two LAN interfaces).

    Sonicwall
        |
        |
    Router------Frame-connection
        |
        |
    LAN devices

All LAN devices will use Router as the default gateway, which has one Ethernet interface connected to Sonicwall, while the other Ethernet interface connects to the LAN switch. A third serial interface connects to the Frame network.

Both Sonicwall and Cisco router will run RIP over VPN and LAN interface, so if a particular route is not reachable via the Sonicwall VPN, it will converge over the Frame network.

HTH

Sankar.

PS: Make sure the router you insert in between Sonicwall and LAN has enough horsepower to handle your network traffic.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

The Sonicwall doesn't support any routing protocol other than RIP (v2 actually). If I make the Cisco router the default gateway, can I put a static route pointing to the Sonicwall which could fail over to the RIP routes that point to the Frame Relay?

That would not help, as the next hop (Ethernet interface of Sonicwall) will still be up even if the WAN link fails. I would run RIP over the VPN as well as frame to get failover to work automatically.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

That's what I was afraid of. I'm not 100 percent sure that the Sonicwall supports RIP over VPN (later models do).

An alternative approach - with the same setup I mentioned in Post1

    Sonicwall
        |
        |
    Router----Frame
        |
        |
    Lan

You can create a tunnel between two Cisco routers (one at branch and one at HO). This tunnel will run GRE and it will be encrypted by Sonicwall like it does for other traffic. You can then run RIP or EIGRP on top of this and send a prefix over this tunnel say 10.99.99.99/32. This prefix is sent only via this tunnel (not via frame).

Then you can have two static default routes (one via Sonicwall and the other via Frame) at the branch office router. The static default route via Sonicwall will be tracked (Cisco proprietary feature - Object tracking) by the Cisco router for availability of the prefix 10.99.99.99/32. If this route is missing from the routing table of the branch router (which means the VPN via Sonicwall could be down), the default route via Sonicwall could be withdrawn and the static route via Frame used instead.

This again involves a bit of configuration on the HO and branch sites to make this all work, which could be time consuming.

I have set up something similar with DMVPN and ISDN backup which has worked great so far for the customer. So if you need more info on this, email me and I will get you some docs on this.

The feasibility of this on your routers depends on router model, software support for GRE, etc.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
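
A branch-router sketch of the tracked-default-route design described in the last reply, added here as an example and not configuration posted by anyone in the thread. Only 10.99.99.99/32 comes from the thread; every other address and the interface name are constructed placeholders, and the head-office router is assumed to advertise 10.99.99.99/32 from a loopback into RIP on the tunnel only.

```cisco
! Constructed placeholders (assumptions, not from the thread):
!   192.168.1.1  branch router interface facing the Sonicwall
!   192.168.1.2  Sonicwall LAN-side address
!   10.0.0.1     head-office router, GRE endpoint behind the HO Sonicwall
!   Serial0/0.1  point-to-point Frame Relay subinterface to head office
!
interface Tunnel0
 description GRE to head office, encrypted by the Sonicwall VPN
 ip address 172.16.0.2 255.255.255.252
 tunnel source 192.168.1.1
 tunnel destination 10.0.0.1
!
! Pin the GRE endpoint to the Sonicwall path. Without this host route the
! tunnel would follow the backup default over Frame Relay after a failover,
! 10.99.99.99/32 would reappear, and the default route would flap.
ip route 10.0.0.1 255.255.255.255 192.168.1.2
!
! RIP speaks on the tunnel only, so the probe prefix is never learned
! over Frame Relay or from the LAN.
router rip
 version 2
 passive-interface default
 no passive-interface Tunnel0
 network 172.16.0.0
!
! Track 1 is up only while 10.99.99.99/32 is in the routing table.
! The delays damp brief VPN outages and wait for the VPN to settle
! before traffic is moved back.
track 1 ip route 10.99.99.99 255.255.255.255 reachability
 delay down 10 up 30
!
! Primary default via the Sonicwall, installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 1
! Floating backup default via Frame Relay (administrative distance 250).
ip route 0.0.0.0 0.0.0.0 Serial0/0.1 250
!
! Verify with: show track 1
!              show ip route 0.0.0.0
```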