Dual homing a Cisco VPN Router
Hi All,
I need to purchase a new internet switch (8 public IP addresses). I'm a bit confused as to multi-homing the router.
Currently I have 1 public IP on one interface on the VPN router (Cisco 2691) which connects to the internet switch and one internal IP on my LAN side.
The idea is that if the internet switch goes down, the VPN traffic could be carried over the other network interface to the new switch. There is only one ISP, so routing to a separate network isn't possible here.
Any help would be appreciated.
I need to purchase a new internet switch (8 public IP addresses). I'm a bit confused as to multi-homing the router.
Currently I have 1 public IP on one interface on the VPN router (Cisco 2691) which connects to the internet switch and one internal IP on my LAN side.
The idea is that if the internet switch goes down, the VPN traffic could be carried over the other network interface to the new switch. There is only one ISP, so routing to a separate network isn't possible here.
Any help would be appreciated.
Last Comment
Robert Sutton Jr
What type of service is being delivered and how? When you say "Internet switch" are you referring to your ISP's device? Any chance you can show us a brief net diagram?
ASKER
Hello,
We are running IPSEC VPNs over this line, the diagram is attached.
Internet Router --- Internet Switch --- VPN Router.
I want to dual home my VPN router, in the event that internet switch goes down, so I will be purchasing an additional switch to connect in.
I don't know if I need to use VRRP or GLBP or something else I'm not familiar with. But the idea is to prevent the VPNs from going down in the even that the original internet switch goes down for whatever reason.
We are running IPSEC VPNs over this line, the diagram is attached.
Internet Router --- Internet Switch --- VPN Router.
I want to dual home my VPN router, in the event that internet switch goes down, so I will be purchasing an additional switch to connect in.
I don't know if I need to use VRRP or GLBP or something else I'm not familiar with. But the idea is to prevent the VPNs from going down in the even that the original internet switch goes down for whatever reason.
Ok..For some reason your diagram didn't show when I 1st posted. You can load share via BGP since you still are going through a single local router.
Here's are some examples:
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#conf2
Hope this helps.
Here's are some examples:
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#conf2
Hope this helps.
ASKER
I'm not really sure if BGP is the way to go. There are a total of 2 routers here. The idea is to prevent VPNs from dropping.
So if that internet switch (layer 2) is to go down, I can still have VPN connectivity. So maybe some type of virtual address solution?
I'm confused about how to physically connect the VPN router, to two switches, both on the same public IP subnet. I believe the router will tell me the interfaces overlap.
So if that internet switch (layer 2) is to go down, I can still have VPN connectivity. So maybe some type of virtual address solution?
I'm confused about how to physically connect the VPN router, to two switches, both on the same public IP subnet. I believe the router will tell me the interfaces overlap.
From the diagram I assume the Internet Router is the telco equipment and the switches are yours.
I don't know that you gain much setting up a redundant solution (switches) inbetween two single points of failure (routers).
However, I think setting up virtual interfaces in the routers is the way I would go. It looks like you will also need the Internet Router owner to configure their equipment as well to support this.
I don't know that you gain much setting up a redundant solution (switches) inbetween two single points of failure (routers).
However, I think setting up virtual interfaces in the routers is the way I would go. It looks like you will also need the Internet Router owner to configure their equipment as well to support this.
ASKER
The idea is to build out a fully redundant network. They would like to start with the cheapest- being the two switches.
ASKER
How would you connect two router interfaces to a single IP subnet? Won't the router tell you that the interfaces overlap? I've never had a need to connect two router interfaces to a single IP subnet before.
I have never completed a setup exactly like this. I am also not sure about the capabilities of your router or the Internet router. The physical interfaces would be setup without an IP address or switching ports (like the two switches). A virtual interface would be created with the IP address information you need. One of these routes will be disabled(spanning-tree) while the other is in operation. If the main link fails (the switch), then the other would come up with access to the same virtual interface. For this to work, both routers would need to be configured similarly.
Virtual Interfaces: http://www.cisco.com/en/US/docs/ios/interface/configuration/guide/ir_cfg_vir_if_ps6350_TSD_Products_Configuration_Guide_Chapter.html
Virtual Interfaces: http://www.cisco.com/en/US/docs/ios/interface/configuration/guide/ir_cfg_vir_if_ps6350_TSD_Products_Configuration_Guide_Chapter.html
ASKER
I'm not concerned about supplying failover for the actual VPNs. I'm concerned about the switch.
In the diagram there are two Internet switches... these are just used to distribute the IPs for the public ip subnet we were issued. If INT SW1 went down, how would my VPN Router use INT SW2?
We are implementing full redundancy throughout the network, however I am confused in how to connect a single router to two different switches for redundancy, in the event the INT SW1 fails.
In the diagram there are two Internet switches... these are just used to distribute the IPs for the public ip subnet we were issued. If INT SW1 went down, how would my VPN Router use INT SW2?
We are implementing full redundancy throughout the network, however I am confused in how to connect a single router to two different switches for redundancy, in the event the INT SW1 fails.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Routers
A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.
49K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
