Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Two ISA's, two locations, failover
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Two ISA's, two locations, failover - 15.Feb.2005 1:04:00 AM
|
|
|
Linwood
Posts: 28
Joined: 2.Dec.2001
From: Louisa, VA, USA
Status: offline
|
Scenario - Frame relay network connecting lots of internal locations to two main central sites. Internet connection at each central site, ISA on each.
Much of the traffic internally is SecureNat, e.g. server traffic that arrives on a firewall by way of the statically defined default gateways in each internal router.
If one ISA Server is down, we can manually change the default routes in the internal Ciscos, and it all works (ok, there's a lot of other issues, but we understand them).
Is there any way to (a) notice an internet outage on one, and (b) automatically switch?
How do people do this? Some kind of BGP routing, but how does one make that interact with NAT behind the firewalls? (And thru as well).
[ February 15, 2005, 01:05 AM: Message edited by: Linwood ]
|
|
|
|
|
RE: Two ISA's, two locations, failover - 4.Mar.2005 6:17:00 AM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
I've seen it done a number of ways. Most common I've seen is when multiple ISP paths are required at one physical datacenter location. Two routers running BGP connected to an internal switch, and the firewall(s) also connected to this switch. In this case, you can run into issues by double-NATing but they are workable. If the requests are a directed request (web proxy or firewall client) then they really are not being NATed twice so you shouldn't have too many issues.
|
|
|
|
|
RE: Two ISA's, two locations, failover - 4.Mar.2005 12:39:00 PM
|
|
|
Linwood
Posts: 28
Joined: 2.Dec.2001
From: Louisa, VA, USA
Status: offline
|
So we would run BGP through the firewall (i.e. a hole for it) as opposed to trying to make RRAS that runs on the firewall participate in the routing directly?
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
