Re: OT: Redundancy & Failover

Track the default route, have hsrp configured with the track command to
decrement the hsrp priority lower than router 2

On Fri, Jan 13, 2012 at 11:04 AM, Karim Jamali <karim.jamali_at_gmail.com>wrote:

> Dear Experts,
>
> I need your support on the following scenario. I have a fortigate firewall
> which is connected to 2 internet routers (Cisco Routers). Now the objective
> I am trying to reach is to have full redundancy in terms of internet
> connection. I have thought of doing HSRP/VRRP and putting both routers on
> the same subnet and using tracking IP addresses to control pre-emption
> however this is not valid as the customer wants to keep his IP addressing
> the same. Thus each router is connected to the firewall on a seperate
> subnet (public subnet) where the firewall is doing the PAT/NAT..etc
>
> The Fortigate firewall only seems to have a static route which can point to
> a single next-hop, and there is no tracking functionality for those static
> routes. I have thought of configuring OSPF between the fortigate/Cisco
> routers, and using default-information originate attached to a route-map on
> both Cisco Routers with different metrics. However, when I am using the
> route-map I am trying to search for an SLA to match because i don't want to
> match the outside interface being "UP" as this doesn't mean that internet
> will be UP. Can anyone elaborate/help me find a better mechanism? So the
> whole line of thought is that if internet is available on router A by
> pinging a public DNS server for instance, I will generate this default
> route into OSPF, else i will remove it and Router B will be used for
> internet connectivity.
>
> Thanks
>
> --
> KJ
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Fri Jan 13 2012 - 20:49:43 ART