• Status: Solved

Which Cisco router? 3 WAN Failover / SonicWall Configuration

We have one office with an ISA and EXG server, with our other critical servers (SQL, IIS, 2x Redhat machines) hosted offsite in a data centre. We have a SonicWall TZ170 in the office and a PRO 3060 in the data centre. We use a sonic to sonic VPN for traffic going from us to our servers in the data centre.

In terms of connectivity, we have a 2Mb leased line, a 2Mb ADSL, and a line provided by a data centre next door (at which our servers are not hosted) which is essentially a second leased line. All have public IPs. The 2Mb leased line has a Cisco 1700 series router which is managed by our provider and which we cannot alter. The ADSL has a Zoom ADSL modem. The third line comes to us from a data centre next door, and we get just the line (i.e. they manage the router).

We just had a very frightening experience where our 2Mb leased line failed. We have not yet configured a failover, because we do not yet have a router that would have the 3 WAN ports to support this. We want to purchase a Cisco router which can take 3 Ethernet WAN ports and configure it such that if traffic cannot get through on the leased line, it fails over automatically to the ADSL, and if that fails, it fails to the third line. The plan is to configure the SonicWall in the data centre such that it will accept VPN connections from any of these three public IPs.

I have a few questions:

Which Cisco router and which modules would you recommend? We may eventually want to run these routers themselves in a failover configuration (i.e. have 2). As a young business, cost is an important factor. Also, we do not plan on using any advanced features apart from these.

My second question is for the config of the SonicWall Pro 3060: is it best to configure 3 separate VPN policies so that in a situation where a line failed the sonic would automatically accept a VPN connection from a different public IP? Will the sonic have issues if it does not realise the first VPN connection is dropped and we immediately try and initiate a second VPN from the same device (our office sonic)? Are there any specific settings we should apply?

Many thanks to anyone who can help!
Asked by: jbreg

lrmoore Commented:
If I understand correctly:
You have one leased line to a router that you can't touch. You get an Ethernet feed.
You have one DSL modem with an Ethernet feed to you.
You have an "extra" Ethernet feed from the Data Center next door.
Each one gives you an IP address.

Looks like you need a router with 4 Ethernet interfaces.

Cisco has a 2651 router that has 2 onboard, and you can add a module with 2 more 10/100 interfaces (NM-2FE), or one module with 4 Ethernet (10Mb) ports (NM-4E), giving you the total that you need.
To get the automatic failover resiliency that you want, you might want to consider using Service Assurance Agent (SAA) configurations. Some creative NAT with route-maps and you're in business.
Down the road as you grow, you can add a 2nd identical router for double-resiliency, or just add a redundant power supply or something. Modularity all the way...

As long as the 3060 is configured to accept the tunnel from any one of three IP addresses, I don't see any issues there. I'm not a SonicWall expert, so my input on that subject is limited.


jbreg (Author) Commented:
Excellent comments, that's exactly what I was after.