Announcement

Collapse
No announcement yet.

WAN failover project

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • WAN failover project

    So my boss has dropped a bombshell on me.

    I need to figure out how to make or DR site work with WAN failover with two Internet connections. So I was wondering if anyone had any ideas on how I can make this work.


    Current setup:
    2 sites lets call them "Building A" and "Building B"

    A + B are currently on the same subnet and are linked with a PTP ethernet link (300mb/s)

    Internet (including our external IP addresses) are supplied to building A with building B accessing the internet through said internet connection.

    Site A is protected using an ASA 5510


    New setup:
    A secondary internet connection is being brought to site B with the intention to allow users at site B to use this connection to surf in case of WAN failure (The PTP link).

    In case of failover of the PTP link the business would like to be able to have site B automatically come up on the secondary internet connection and then connect to Site A using an IPsec VPN.


    The problem:

    What do I need to purchase / reconfigure to make this possible?

  • #2
    Re: WAN failover project

    What sort of systems do you have running in each building? Servers/routers etc rather than workstations.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: WAN failover project

      Site A is our main site with our main server room so everything from Domain controllers, application servers, database servers, webservices etc.

      Our WAN Firewall is an ASA 5510



      Site B is workstations only right now but management would like it to act as our disaster recovery site as well. So long term we can expect a full server room with SAN to SAN replication and VMware servers.

      Currently that building had a direct 300mb/s connection to our network (same subnet as site A)

      Comment


      • #4
        Re: WAN failover project

        Ok. You're probably going to want to install one or two DCs in site B, including DNS, DHCP and WINS - that will cover you for core functionality in the event of a failure in the link. As for failover to VPN over the new WAN connection, that's over to someone more experienced in that area than me
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: WAN failover project

          As for the DR site we have an existing "spare" domain controller with DCHP DNS that will be moved over there.

          After that I'll probably just order up 3 rack mounted servers with ESX and SAN replicate all our critical data over.

          Run the VMware converter on our critical servers and store the VM's on the SAN in archive and we're good to go.


          It's getting the backup WAN connection to work that's going to be fun.

          Comment


          • #6
            Re: WAN failover project

            So what you want that if WAN A fails you automatically being forwarded to WAN B?
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment

            Working...
            X