Hi!

I have the following scenario with regards to the design of 2 sites
connected via dishes as a backup. The satellite dish is connected to the
router's Ethernet port so when one of the ISP A/B is down, the whole site
will fail over to the other site via satellite link. Here's the diagram
for your reference.

Site A
             /-- LAN
  Firewall -- DMZ
 /
2621 --- ISP A (assume 192.168.1.x/24)
  |
  |
  | 10Mbps backup satellite link
  |
  |
Cat2900 (LAN)
  \ 
   Firewall (192.168.1.100/24)
    | \--DMZ
    |
   2621 --- ISP B (assume 10.1.1.x/24) 
Site B 

Question:
a) I would foresee that there will be some routing issues here. Since the
   satellite is not connected directly to the router, there is no way the
   router will be able to fail over gracefully. The only option we have is
   a floating static route (i.e. route 0.0.0.0/0 192.168.1.1 0 &
   route 0.0.0.0/0 192.168.1.100 200), hoping that if the first route is
   unreachable, the route will revert to the second, higher route metric.
   Will this work?

b) The DMZ at Site A will not be able to fail over, since no inbound
   traffic could come in, hence (in this scenario, we are talking about a
   mail server) I intend to put 2 different IPs in the InterNIC DNS: 1
   pointing to Site A and 1 to Site B. The question is how the traffic
   could route back from the Site B firewall to the Site A DMZ? Unless we
   mirrored the mail server to both sites so the mail to Site A will be
   stored at the mirrored server at Site B.

c) What about the client at Site A going out to the Internet (via ISP B if
   ISP A is down)? The firewall will perform NAT at Site A, then the router
   will choose to route to Site B's firewall and NAT again out to ISP B.
   It seems very complex to me. Any alternative?

Any input or criticism is welcome. 
Thank you.

Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23335&t=23335