03-17-2005 11:57 AM - edited 03-03-2019 09:04 AM
hi, my cuurent situaution is I have 2 offices with identical setup.
3750---pix515---2621XM--ISP
Both offices need to be conected and I've done this with an IPSec between the Pix's. I am not using any dynamic routing. Now I have a request to add one more 2621XM router to each side.
--2621XM----ISP1
3750---pix515--|
--2621XM----ISP2
How should I approach this? How should I set up the routing?
Thanks for any info!
Alex
03-17-2005 07:57 PM
hi
from ur post afaiu u r goin to connect to second isp on each locations if not do correct me.
if yes r u goin to use the second router with new link to another isp for load balancing sort of concept or for reduandcy ?
do revert on those lines...
regds
03-18-2005 09:53 AM
Hey, thanks for your reply. I made a slight mistake on my second network diagram. It should be:
--------------------------------------------
SITE1: 10.10.1.0
...............--2621XM----ISP1
3750---pix515--|
...............--2621XM----ISP2
SITE2: 10.10.2.0
...............--2621XM----ISP1
3750---pix515--|
...............--2621XM----ISP3
--------------------------------------------
There are 3 ISP's total. ISP1 ~ 100MBps; ISP2 ~ T1; ISP3 ~ T1. So the primary connection to the internet will be ISP2 on both sides.
Failover is the primary reason for the upgrade to 2 routers on the edge on each site. There isnt much need for load balancing, though if it doesnt interfere with anything, I would preffer it simply because I think it would allow me to add more internet connections easier, as the sites grow.
**But failover for the connectivity between the two sites (using IPSec ?) and to the internet is the main objective.**
Some more restrictions:
In Site 1, I am publishing several webservers and a VPN concentrator (Pix) through ISP2. These services have to stay up after the addition of these new routers to each site.
I have been thinking about this design:
set up VRRP/GLBP(?) on the routers and set up a site-to-site IPsec from the Pix's.
Will the two sites be able to communicate when any ISP link goes down?
Thanks again.
03-18-2005 10:04 AM
Another thing...
Will I need to set up any routing between the 2PIXs, and the 4 routers so that they notify each other about link changes? If so, is it a security risc? Do I need to also set up tunnels between each of the routers to pass the routing info?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide