RE: Redundancy & Failover

From: Karim Jamali <karim.jamali_at_gmail.com>
Date: Fri, 13 Jan 2012 22:02:33 +0300

Thanks Aaron. This is exactly what I am looking for.
On Jan 13, 2012 9:54 PM, "Aaron" <aaron1_at_gvtc.com> wrote:

> I found this link... looks like you could perhaps make 0.0.0.0 0.0.0.0 def
> route to be tracked on pinging that outside DNS server you mentioned... then
> the default info orig (NOT ALWAYS) will only generate def rt to fortigate
> when that cisco router can ping that DNS
>
>
> http://www.velocityreviews.com/forums/t670045-setting-routes-w-set-next-hop-verify-availability-in-ios-12-2-a.html
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Karim Jamali
> Sent: Friday, January 13, 2012 12:04 PM
> To: Joseph L. Brunner
> Cc: Cisco certification
> Subject: RE: Redundancy & Failover
>
> Hi Joseph,
>
> The problem I am trying to sort out is how to generate a default route to
> the fortinet only when internet is actually there, and to stop its
> generation when internet is down. This is where the second router will
> generate the default route.
>
> Hope this clarifies it.
>
> Thanks
> On Jan 13, 2012 8:56 PM, "Joseph L. Brunner" <joe_at_affirmedsystems.com>
> wrote:
>
> > Fortinets don't do failover well between candidate next hops on static
> > routes with health checks....
> >
> > You need to use OSPF/RIP all around... forget SLAs
> >
> > -Joe
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> > Karim Jamali
> > Sent: Friday, January 13, 2012 12:05 PM
> > To: Cisco certification
> > Subject: OT: Redundancy & Failover
> >
> > Dear Experts,
> >
> > I need your support on the following scenario. I have a fortigate
> > firewall which is connected to 2 internet routers (Cisco Routers). Now the
> > objective I am trying to reach is to have full redundancy in terms of
> > internet connection. I have thought of doing HSRP/VRRP and putting both
> > routers on the same subnet and using tracking IP addresses to control
> > pre-emption, however this is not valid as the customer wants to keep his
> > IP addressing the same. Thus each router is connected to the firewall on a
> > separate subnet (public subnet) where the firewall is doing the PAT/NAT,
> > etc.
> >
> > The Fortigate firewall only seems to have a static route which can point
> > to a single next-hop, and there is no tracking functionality for those
> > static routes. I have thought of configuring OSPF between the
> > fortigate/Cisco routers, and using default-information originate attached
> > to a route-map on both Cisco Routers with different metrics. However, when
> > I am using the route-map I am trying to search for an SLA to match because
> > I don't want to match the outside interface being "UP" as this doesn't
> > mean that internet will be UP. Can anyone elaborate/help me find a better
> > mechanism? So the whole line of thought is that if internet is available
> > on router A by pinging a public DNS server for instance, I will generate
> > this default route into OSPF, else I will remove it and Router B will be
> > used for internet connectivity.
> >
> > Thanks
> >
> > --
> > KJ
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>

Received on Fri Jan 13 2012 - 22:02:33 ART
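
A configuration example of the approach discussed in this thread (a tracked static default route feeding a non-"always" `default-information originate`), added here and not taken from the thread or the linked page. The addresses, interface names and OSPF process number are assumptions; the syntax shown is that of later IOS releases, and older images use `ip sla monitor` and `track ... rtr` instead.

```ios
! Constructed example for Router A (primary). All values are placeholders:
!   198.51.100.1        ISP next hop on the outside link (assumed)
!   203.0.113.53        public DNS server used as probe target (assumed)
!   GigabitEthernet0/0  outside interface (assumed)
!   192.0.2.0/30        transit subnet to the FortiGate (assumed)
!
! Pin the probe target to the ISP next hop. Without this host route the
! probe follows the tracked default route: once tracking withdraws that
! route the probe can no longer leave via this ISP and never recovers.
ip route 203.0.113.53 255.255.255.255 198.51.100.1
!
! Probe the public DNS server every 10 seconds, sourced from the outside
! interface so the test reflects this router's own internet path.
ip sla 1
 icmp-echo 203.0.113.53 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Track object follows probe reachability; the delays damp flapping so a
! single lost ping does not withdraw the default route.
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! The default route exists in the RIB only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1
!
! Without the "always" keyword OSPF originates the default only while a
! default route is present in the RIB, so it is withdrawn when the probe
! fails and the tracked static route is removed.
router ospf 1
 network 192.0.2.0 0.0.0.3 area 0
 default-information originate metric 10
!
! Router B carries the same configuration with its own next hop, probe
! host route and transit subnet, and a higher metric, for example:
!   default-information originate metric 100
```

`show track 1` and `show ip route 0.0.0.0` on the router confirm the probe state and whether the default route is currently installed.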

This archive was generated by hypermail 2.2.0 : Thu Feb 02 2012 - 11:52:51 ART