Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC:

Internet Auto Failover between 2 ISPs on 2 differe 6 years 1 month ago #38717

  • omer84
  • omer84's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 17
  • Karma: 1
  • Thank you received: 0
Hello Gents,

My Network Setup is as below,

ISP - ABC is my PRIMARY.

ISP - XYZ is the DR.

@ ISP (ABC) i have router C1941 located in ABC DataCenter which further connect to my firewall and switch and servers

@ ISP (XYZ) i have router C881 located in XYZ DataCenter which further connect to my firewall and switch and servers

I do not have RIPE IPs, hence each ISP has provided me with their respective IPs on my WAN and LAN interfaces.

ISP ABC 168.187.X.X

ISP XYZ 62.215.X.X

All my clients are connected to ISP (ABC) using site-to-site VPN ,

There is not direct link b/w these two ISPs , hence i cannot run HSRP , VRRP etx

Both the Data Centers are located in completely different locations.

My Question is

How do i configure Auto-Failover , when ISP ABC is down , i need my clients to connect to ISP XYZ

Internet Auto Failover between 2 ISPs on 2 differe 6 years 1 month ago #38718

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 1447
  • Karma: 8
  • Thank you received: 13
Omer,

Thanks for your question - it's certainly an interesting one.

The solution to your problem is quite simple actually. What you need is a Dual DMVPN network between the Hubs (Your Datacenter Routers) and spokes (Endpoints/remote offices).

Luckily DMVPN is a topic heavily covered here on Firewall.cx. You can start on the introduction which explains how the service works and also provides examples and links to other pages here that show how to configure it:

www.firewall.cx/cisco-technical-knowledg...sco-dmvpn-intro.html

In short, with DMVPN all spokes create an IPSec protected (optional) GRE tunnel with the HUB (HQ Router). The Hub works as a central database keeping track of every spoke's public IP address. This allows spokes to also create direct VPN tunnels with each other without passing traffic through the Hub.

The great part of DMVPN is that the spokes can use dynamic public IP addresses as there is no requirement for static public IPs except for the Hub router.

You'll also be happy to know that you can use GNS3 to fully setup this scenario - I've personally setup exactly what you're describing through GNS3 before implementing it at my customer. I used two HQ Hubs - each connected to the internet via a different ISP and 5 spokes which used an ADSL as a primary connection but also with ISDN Backup (more complex!).

Spokes would connect to the primary Hub and if that went down, they would fallback to the secondary Hub.

Read up on the DMVPN articles we've got here and let us know if you still have any questions.

Good luck!

Chris.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
  • Page:
  • 1
Time to create page: 0.093 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup