
WAN Backup question

Hernan Seijas
Level 1

Hi,

I have the scenario in the attachment; it's like a LAN extension. The switches have no config (only a default gw), and I need to configure a backup solution for the WAN circuit. What will be the best solution? The idea is to apply the changes or add equipment without changing anything in the Firewalls. Is it possible?

Regards and thanks for your help.

 


Joseph W. Doherty
Hall of Fame

Is it possible?

Yes, likely it is.

What will be the best solution?

The best solution would probably include being able to reconfigure the FWs and/or the existing WAN edge routers.

The next best solution that comes to my mind would be one or two devices that "pretend" to be the FW and WAN edge devices. (This might be doable on a single router using double NAT; if not, two routers doing NAT should work.)

BTW, what model are the switches? If the model supports different IOS feature sets, what feature set is installed?

Both switches are 3560G series with C3560-IPSERVICESK9-M  12.2(55)SE11.

The idea is to not modify FW config, but if there is an easy solution modifying WAN routers, there is no problem.

Could you please explain how to accomplish the solution?

Regards and thanks a lot!

Ah, if you can modify the WAN routers, that should make it much easier, including only perhaps needing the additional backup WAN routers.

Assuming the FWs use the existing WAN routers' interface, and they in turn use some IP on the FWs, you move the routers' inside IP to the 3560G switches and have it route to the existing and new WAN routers, and they route back to it. I.e., as far as the FWs are concerned, the 3560s become the IP for traffic in and out.

BTW, you would set up routing so you only have a primary and a backup path, or you could set up routing to use both paths. In case of link failure, the latter approach, using both links, means you lose half your effective bandwidth, but if you also use QoS, some privileged traffic might be provided the same service level.