Complex Cisco Installation

By RocketServers
Let me preface this by saying I am not necessarily asking for someone to give me a total solution but for guidance to point me in the correct direction. I am experienced in Cisco products, just definitely not an expert. Here is what is needed:
We have two incoming network connections into our company. They each have different IP blocks and we cannot get both companies to work together on a solution and changing companies is not an option. We need to have a setup where when the primary link goes down, the secondary link takes over. The problem is the network setup is rather broken and thus we cannot actually route through the Cisco router but rather have to bridge the network connection. We also would like to have the Cisco router do firewalling at the same time. This switchover needs to be as transparent to the users as possible. The ideal solution for us would be if the network switches over, the IP addresses of the machines do not have to change. They are all on public IP addressing out of necessity. It would be OK if when the network switched over to the secondary link to have the router create a NAT with the usual public IPs from the first link being the private side of the public link. Any ideas on making this work would be greatly appreciated. We have two Cisco 3620 routers configured with three Ethernet ports each and Cisco IOS 12.2 with the ENTERPRISE/FW/IDS PLUS IPSEC 3DES feature set on them. I doubt if we need both for this setup, but if required the second is available. If you need me to clarify anything further please let me know.

All Comments

Complex Cisco Installation

by timwalsh In reply to Complex Cisco Installatio ...

Found this on the Cisco site:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs009.htm

(remove any embedded spaces in the URL)

This web page talks about Cisco's Hot Standby Routing Protocol. It looks like it might fit your situation.

Hope this helps.

Complex Cisco Installation

by RocketServers In reply to Complex Cisco Installatio ...

The solution you offered would work great I think for a network setup where there was a definite end and starting point, but unfortunately these are connections to the internet at large. If you could offer any explanation of how this might be applicable to this type of network setup I would be willing to reconsider your suggestion. Thanks for the help nonetheless.

Complex Cisco Installation

by Joseph Moore In reply to Complex Cisco Installatio ...

Now I am not sure as to how you implement this, but from what I have heard, you need to set up a HDLC pair.

"High-Level Data-Link Control Protocol (HDLC)

The High-Level Data-Link Control protocol (HDLC) is a popular ISO-standard, bit-oriented Data Link layer protocol. It specifies an encapsulation method for data on synchronous serial data links using frame characters and checksums. HDLC is a point-to-point protocol used on leased lines. No authentication can be used with HDLC.

In byte-oriented protocols, control information is encoded using entire bytes. Bit-oriented protocols, on the other hand, may use single bits to represent control information. Bit-oriented protocols include SDLC, LLC, HDLC, TCP, IP, etc.

HDLC is the default encapsulation used by Cisco routers over synchronous serial links. Cisco's HDLC is proprietary - it won't communicate with any other vendor's HDLC implementation - but don't give Cisco grief for it; everyone's HDLC implementation is proprietary."

Complex Cisco Installation

by Joseph Moore In reply to Complex Cisco Installatio ...

AFAIK, enabling HDLC on your 2 routers will allow them to be in a standby failover mode. If ROUTER1 in the HDLC pair fails, then all traffic is rolled over to ROUTER2.
Now, I am not sure how you enable HDLC on 2 routers from different ISPs, but I would look into it.

I am still learning the Cisco routing protocols, so I could be off base here.

Hope this helps, though.

Complex Cisco Installation

by Joseph Moore In reply to Complex Cisco Installatio ...

WRONG ONE! IT IS NOT HDLC.

HSRP. That is what you need.

That is the router protocol that will let a 2nd router kick in in failover when a primary circuit goes down.

Now again, I don't know if this works since both routers are from different ISPs (with different IP subnets). You will have to look that up.

Sorry for the confusion. I knew it started with an "H" and was a 4-letter abbreviation for something! :-)

Complex Cisco Installation

by RocketServers In reply to Complex Cisco Installatio ...

This is the same answer as the person above you. If you have any ideas on making this work I would reconsider your response, but as I have already researched this and find no way to implement this I can not give any credit for your answer. Thanks for your time.

Complex Cisco Installation

by Pokhylchenko In reply to Complex Cisco Installatio ...

So sorry to tell you this, but this task is impossible to complete without being an AS (autonomous system). This means that you must own a block of IP addresses and an AS number; only this way will you be visible from the Internet on any of your uplinks (by means of the BGP4 routing protocol). Otherwise, even when you are NATting one block of public IPs to another, delivery to them will still be attempted through the ISP on the failed link. I'm not sure that this sounds very clear (I'm not great at English); you can read some things about this at www.ripe.net, it is our European RIR agency.

There is no switching possible. I've been through all these investigations myself 1 year ago.

Let me know if something is not clear.

Complex Cisco Installation

by RocketServers In reply to Complex Cisco Installatio ...

I hope you're not correct and a solution can be found. I am very familiar with what you're talking about and if we were in a position where we could do as you mentioned I definitely would.

Complex Cisco Installation

by andrew.mizzi In reply to Complex Cisco Installatio ...

Being my niche at the moment, I couldn't let the opportunity pass me by.

Get a Net Integrator server to do the gateway and routing.

(www.net-itech.com). A feature called double vision runs this Internet service, and can look after both Internet connections.

Complex Cisco Installation

by RocketServers In reply to Complex Cisco Installatio ...

Thanks for the input but we are trying to do this without making any new hardware purchases. As a side note, funnily enough but the case they use for their servers is the exact same case I use for my office machine. Beautiful cases and extremely functional. Has more internal space than any other case I have seen of the same design. Very well designed and built.
