jbreg
asked on
Which Cisco router? 3 WAN Failover / SonicWall Configuration
We have one office with an ISA and EXG server, with our other critical servers (SQL, IIS, 2x Redhat machines) hosted offsite in a data centre. We have a sonicwall TZ170 in the office and a PRO 3060 in the data centre. We use a sonic to sonic VPN for traffic going from us to our servers in the data centre.
In terms of connectivity, we have a 2Mb leased line, a 2Mb adsl, and a line provided by a data centre next door (at which our servers are not hosted) which is essentially a second leased line. All have public IPs. The 2Mb leased line has a Cisco 1700 series router which is managed by our provider and which we cannot alter. The ADSL has a zoom adsl modem. The third line comes to us from a data centre next door, and we get just the line (ie they manage the router).
We just had a very frightening experience where our 2Mb leased line failed. We have not yet configured a failover, because we do not yet have a router that would have the 3 wan ports to support this. We want to purchase a Cisco router which can take 3 ethernet wan ports and configure it such that if traffic cannot get through on the leased line, it fails over automatically to the ADSL, and if that fails, it fails to the third line. The plan is to configure the sonicwall in the data centre such that it will accept VPN connections from any of these three public IPs.
I have a few questions:
Which Cisco router and which modules would you reccomend? We may eventually want to run these routers themselves in a failover configuration (ie have 2). As a young business, cost is an important factor. Also, we do not plan on using any advanced features apart from these.
My second question is for the config of the SonicWall Pro 3060--is it best to configure 3 separate VPN policies so that in a situation where a line failed the sonic would automatically accept a vpn connection from a different public ip? Will the sonic have issues if it does not realise the first vpn connection is dropped and we immediately try and initiate a second VPN from the same device (our office sonic)? Are there any specific settings we should apply.
Many thanks to anyone who can help!
In terms of connectivity, we have a 2Mb leased line, a 2Mb adsl, and a line provided by a data centre next door (at which our servers are not hosted) which is essentially a second leased line. All have public IPs. The 2Mb leased line has a Cisco 1700 series router which is managed by our provider and which we cannot alter. The ADSL has a zoom adsl modem. The third line comes to us from a data centre next door, and we get just the line (ie they manage the router).
We just had a very frightening experience where our 2Mb leased line failed. We have not yet configured a failover, because we do not yet have a router that would have the 3 wan ports to support this. We want to purchase a Cisco router which can take 3 ethernet wan ports and configure it such that if traffic cannot get through on the leased line, it fails over automatically to the ADSL, and if that fails, it fails to the third line. The plan is to configure the sonicwall in the data centre such that it will accept VPN connections from any of these three public IPs.
I have a few questions:
Which Cisco router and which modules would you reccomend? We may eventually want to run these routers themselves in a failover configuration (ie have 2). As a young business, cost is an important factor. Also, we do not plan on using any advanced features apart from these.
My second question is for the config of the SonicWall Pro 3060--is it best to configure 3 separate VPN policies so that in a situation where a line failed the sonic would automatically accept a vpn connection from a different public ip? Will the sonic have issues if it does not realise the first vpn connection is dropped and we immediately try and initiate a second VPN from the same device (our office sonic)? Are there any specific settings we should apply.
Many thanks to anyone who can help!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER