Solved

Failover

Posted on 2008-06-11
5
4,105 Views
Last Modified: 2013-06-11
I am planing to redesign our current DC network and expected to have Network Failover (HA)(Active/Standby). So i budgeted to buy 2 x ASA5510 and 2  x GE Switches. Attached is my Plan in mind. can some body verify, whether need to amend anything in my approach?
1. Firewall to Firewall connection required
2. What action required to take if Primary Firewall or switch fails.
3. Witch is the right approach of keeping Servers in each VLAN (WEB, APPlications & DB)
Network-Diagram.jpg
0
Comment
Question by:jacobsumod
  • 2
  • 2
5 Comments
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 250 total points
ID: 21761864
Here are the weaknesses I see:
1. All of your LAN connectivity is through the first switch and all servers are single-homed to it. You should dual-home all servers to both switches.

The best way to do this is with NIC teaming software set up in active/standby mode so the 2 NICs share one IP address and on MAC address. All VLANs must be configured on both switches and ASAs. The cross-connect between the switches must be a trunk that carries all the VLANs. Run HSRP on all VLANs on the ASAs and use Standby Tracking so that if the primary circuit goes down, the LAN HSRP swings over to the backup circuit.

2. I don't know how the circuits on the outside connect or where they go so I can't comment on WAN failover.

I've attached a revised diagram to help illustrate item 1.
Drawing1.jpg
0
 
LVL 22

Assisted Solution

by:mutahir
mutahir earned 250 total points
ID: 24637107
Mike's diagram is solid and for the wan failover :
You can use a dual wan router and connect your firewalls to it so that if one of your wan connections go down it will automatically failover to your 2nd wan conneciton (if you have two wan feeds at the moment)
What we use is a draytek 2950 dual wan router with gigabit ports and it is very stable and robust ;
you can check with your local or authorized draytek reseller in your region
http://draytek.co.uk/products/vigor2950.html
www.draytek.com
hope this helps
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 24639579
Wow. I made my comment a year ago. Maybe this question should be closed out!
0
 
LVL 22

Expert Comment

by:mutahir
ID: 24640360
oh, I didn't realized the date until now ; Thanks Mike for pointing it out
yes the question should be closed
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now