bschwarting

asked on

Cisco 2801 - Verizon WAN HWIC - Routing/Gateway Question

Looking for some advice on how this will work for us in a disaster recovery scenario.  Right now we are like most businesses on a fiber internet connection, and have fiber between our remote offices.  If in a disaster we lost fiber to our headquarter facility, we want to use the Verizon WAN HWIC solution to get us by until fiber service is restored.  What would this look like for us when the disaster happens?  How would I route us out through Verizon?

Right now we have everyone with a default gateway of our main switch.  That main switch has its default gateway as our firewall.  When the disaster happens, do I just change the main switch's default gateway to my new router with the Verizon HWIC card in it?

I know this will only allow for outbound traffic to the internet, and nothing inbound, but will that work?

My other more pressing concern is, will this be safe?  Since traffic will now be routed through Verizon and a router only, no firewall?

Any thoughts or suggestions would be appreciated!

Link to the Verizon card
djcapone

When you refer to the Verizon WAN HWIC solution, are you referring to the WWAN (aka 3G) solution or some other copper/fiber service provided by Verizon?

If each branch office has its own internet connection, you could utilize the fiber connections between offices to reroute traffic out of the branch office connections.

If I am correctly assuming you are referring to using a 3G solution as a backup, I will also assume that the fiber connecting all the branch offices to headquarters means that all internet access to the branch offices is being provided by the fiber connection at the HQ.

Based on these assumptions, you should be able to set an equal cost static route to the next-hop provided by the Verizon WWAN solution to act in a failover capacity.  You are correct in assuming that inbound traffic to mail servers, etc. that rely on the IP space from your fiber provider would not work.  The security issues regarding bypassing the firewall are varied and would be based upon where NAT/PAT translations are taking place.

If you could provide more information regarding your network topology (with IP numbering, X.X out public IP space), I could assist more.
bschwarting

ASKER

Yeah, 3G, as a backup, and yes the HQ is the source for all internet.  Good assumptions!

From the reading I have done on ECMP Routing, they say this is not a solution for failover, which is what we want.

We have 2 remote offices, and HQ, on the same subnet.  We have multiple VLANs at the HQ, but left the same subnet to the remote offices to make it easier on configuration.

Everyone has the same gateway, which is our first floor switch.  All of our NAT/PAT happens on the firewall, which is the default gateway of our first floor switch.

That is why I was thinking I could manually change the gateway to our Verizon solution manually if we are down, but I guess I would then have to have at least NAT set up on something.

ASKER CERTIFIED SOLUTION
djcapone

This solution is only available to members.
Thanks for all the help!  This has pushed me in the direction I need to go!