Hi! I have the following scenario with regard to the design of 2 sites connected via dishes as a backup. The satellite dish is connected to the router's Ethernet port, so when one of ISP A/B is down, the whole site will fail over to the other site via the satellite link. Here's the diagram for your reference.
Site A /-- LAN Firewall -- DMZ / 2621 --- ISP A (assume 192.168.1.x/24) | | | 10Mbps backup satellite link | | Cat2900 (LAN) \ Firewall (192.168.1.100/24) | \--DMZ | 2621 --- ISP B (assume 10.1.1.x/24) Site B

Question:

a) I would foresee that there will be some routing issues here. Since the satellite is not connected directly to the router, there is no way the router will be able to fail over gracefully. The only option we have is a floating static route (i.e. route 0.0.0.0/0 192.168.1.1 0 & route 0.0.0.0/0 192.168.1.100 200), hoping that if the first route is unreachable, the route will revert to the second, higher route metric. Will this work?

b) The DMZ at Site A will not be able to fail over, since no inbound traffic could come in; hence (in this scenario, we are talking about a mail server) I intend to put 2 different IPs in the InterNIC DNS, 1 pointing to Site A and 1 to Site B. The question is how the traffic could route back from the Site B firewall to the Site A DMZ? Unless we mirrored the mail server to both sites so the mail to Site A will be stored at the mirrored server at Site B.

c) What about the client at Site A going out to the Internet (via ISP B if ISP A is down)? The firewall will perform NAT at Site A, then the router will choose to route to Site B's firewall and NAT again out to ISP B. It seems very complex to me. Any alternative?

Any input or criticism is welcome. Thank you.

Ryan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23335&t=23335