Skip to main content

Internet Auto Failover between 2 ISPs on 2 differe

More
7 years 1 month ago #38717 by omer84
Hello Gents,

My Network Setup is as below,

ISP - ABC is my PRIMARY.

ISP - XYZ is the DR.

@ ISP (ABC) i have router C1941 located in ABC DataCenter which further connect to my firewall and switch and servers

@ ISP (XYZ) i have router C881 located in XYZ DataCenter which further connect to my firewall and switch and servers

I do not have RIPE IPs, hence each ISP has provided me with their respective IPs on my WAN and LAN interfaces.

ISP ABC 168.187.X.X

ISP XYZ 62.215.X.X

All my clients are connected to ISP (ABC) using site-to-site VPN ,

There is not direct link b/w these two ISPs , hence i cannot run HSRP , VRRP etx

Both the Data Centers are located in completely different locations.

My Question is

How do i configure Auto-Failover , when ISP ABC is down , i need my clients to connect to ISP XYZ
More
7 years 1 month ago - 7 years 1 month ago #38718 by Chris
Omer,

Thanks for your question - it's certainly an interesting one.

The solution to your problem is quite simple actually. What you need is a Dual DMVPN network between the Hubs (Your Datacenter Routers) and spokes (Endpoints/remote offices).

Luckily DMVPN is a topic heavily covered here on Firewall.cx. You can start on the introduction which explains how the service works and also provides examples and links to other pages here that show how to configure it:

www.firewall.cx/cisco-technical-knowledg...sco-dmvpn-intro.html

In short, with DMVPN all spokes create an IPSec protected (optional) GRE tunnel with the HUB (HQ Router). The Hub works as a central database keeping track of every spoke's public IP address. This allows spokes to also create direct VPN tunnels with each other without passing traffic through the Hub.

The great part of DMVPN is that the spokes can use dynamic public IP addresses as there is no requirement for static public IPs except for the Hub router.

You'll also be happy to know that you can use GNS3 to fully setup this scenario - I've personally setup exactly what you're describing through GNS3 before implementing it at my customer. I used two HQ Hubs - each connected to the internet via a different ISP and 5 spokes which used an ADSL as a primary connection but also with ISDN Backup (more complex!).

Spokes would connect to the primary Hub and if that went down, they would fallback to the secondary Hub.

Read up on the DMVPN articles we've got here and let us know if you still have any questions.

Good luck!

Chris.

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Last edit: 7 years 1 month ago by Chris.
Time to create page: 0.144 seconds