Solved

Which Cisco router? 3 WAN Failover / SonicWall Configuration

Posted on 2004-08-25
Last Modified: 2012-06-27
We have one office with an ISA and EXG server, with our other critical servers (SQL, IIS, 2x Redhat machines) hosted offsite in a data centre. We have a SonicWall TZ170 in the office and a PRO 3060 in the data centre. We use a Sonic-to-Sonic VPN for traffic going from us to our servers in the data centre.

In terms of connectivity, we have a 2Mb leased line, a 2Mb ADSL, and a line provided by a data centre next door (at which our servers are not hosted) which is essentially a second leased line. All have public IPs. The 2Mb leased line has a Cisco 1700 series router which is managed by our provider and which we cannot alter. The ADSL has a Zoom ADSL modem. The third line comes to us from a data centre next door, and we get just the line (i.e. they manage the router).

We just had a very frightening experience where our 2Mb leased line failed. We have not yet configured a failover, because we do not yet have a router that would have the 3 WAN ports to support this. We want to purchase a Cisco router which can take 3 Ethernet WAN ports and configure it such that if traffic cannot get through on the leased line, it fails over automatically to the ADSL, and if that fails, it fails to the third line. The plan is to configure the SonicWall in the data centre such that it will accept VPN connections from any of these three public IPs.

I have a few questions:

Which Cisco router and which modules would you recommend? We may eventually want to run these routers themselves in a failover configuration (i.e. have 2). As a young business, cost is an important factor. Also, we do not plan on using any advanced features apart from these.

My second question is for the config of the SonicWall Pro 3060: is it best to configure 3 separate VPN policies so that in a situation where a line failed the Sonic would automatically accept a VPN connection from a different public IP? Will the Sonic have issues if it does not realise the first VPN connection is dropped and we immediately try and initiate a second VPN from the same device (our office Sonic)? Are there any specific settings we should apply?

Many thanks to anyone who can help!
Question by:jbreg

Accepted Solution

by:
lrmoore earned 500 total points
ID: 11896629
If I understand correctly:
You have one leased line to a router that you can't touch. You get an Ethernet feed.
You have one DSL modem with an Ethernet feed to you.
You have an "extra" Ethernet feed from the Data Center next door.
Each one gives you an IP address.

Looks like you need a router with 4 Ethernet interfaces.

Cisco has a 2651 router that has 2 onboard, and you can add a module with 2 more 10/100 interfaces (NM-2FE), or one module with 4 Ethernet (10Mb) ports (NM-4E), giving you the total that you need.
To get the automatic failover resiliency that you want, you might want to consider using Service Assurance Agent (SAA) configurations. Some creative NAT with route-maps and you're in business.
Down the road as you grow, you can add a 2nd identical router for double-resiliency, or just add a redundant power supply or something. Modularity all the way...

As long as the 3060 is configured to accept the tunnel from any one of three IP addresses, I don't see any issues there. I'm not a SonicWall expert, so my input on that subject is limited.



Author Comment

by:jbreg
ID: 11896715
Excellent comments, that's exactly what I was after.