1811 Router - Dual WAN w/failover, ISP protocol preference


  • 1811 Router - Dual WAN w/failover, ISP protocol preference

    Hello - newbie needing help finally programming the 1811 to have two ISPs (22 meg cable and a T1 line) provide failover and protocol preference or load balancing. Here is the scenario.
    Internet web traffic - client outbound and inbound to the company web server, FTP and Exchange traffic will use the 22 meg cable line.
    Client VPN (Microsoft PPTP) and Remote Desktop connections will use the T1.
    If either ISP fails I need the traffic to automatically route to the other ISP.
    802.11 wireless will provide direct connectivity to internal LAN and DHCP from internal LAN server.
    My questions are:
    How do I address the VPN client needing to change to the other IP address to find the VPN server?
    How do I redirect the registered domain name DNS calls to the web server when the IP address switches to the other ISP?
    How do I set up split VPN DNS to allow client web traffic to go out the client local connection instead of through the VPN and T1 line?
    Can I control VPN access via the group in Active Directory using just the 1811? (currently using ISA 2004 to run this rule)

  • #2
    Re: 1811 Router - Dual WAN w/failover, ISP protocol preference

    You can use policy based routing to determine what traffic goes out which ISP. For failover you can use backup interface, IP SLA with enhanced object tracking.

    This setup screams BGP when dealing with multiple internet connections via 2 different ISPs. You can run BGP with your ISPs and inject whatever routes you want into their BGP domain. This will ensure both ISPs know how to route to you even when one circuit fails. In short, both ISPs will have routing information for your domain.

    Can I control VPN access via the group in Active Directory using just the 1811? (currently using ISA 2004 to run this rule)

    You can use an internal RADIUS server for authentication or, if you have one, a TACACS server.


    How do I redirect the registered domain name DNS calls to the web server when the IP address switches to the other ISP?

    If running BGP with your ISPs this won't be an issue, as both will know how to route to your internal domain and will forward traffic appropriately.

    How do I address the VPN client needing to change to the other IP address to find the VPN server?

    Create an A record with a hostname pointing to your VPN IP on your hosting site (GoDaddy etc.). That way the clients can reach the VPN with a friendly name instead of an IP address.

    BGP is very robust and has a lot of options and you definitely should be running it in your case, but check the specs on your router as it can be very processor and memory intensive.


    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
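
The policy-based routing and IP SLA object-tracking approach mentioned in reply #2, as an added Cisco IOS configuration sketch that is not part of the original thread. Interface names, the 192.168.1.0/24 LAN, the documentation-range gateway addresses and all object numbers are assumptions; inbound static NAT for the published servers is left out.

```cisco
! Constructed example: names, addresses and object numbers are assumptions.
! FastEthernet0 = cable (gateway 203.0.113.1)
! FastEthernet1 = T1 hand-off (gateway 198.51.100.1)
! Vlan1 = inside LAN 192.168.1.0/24
!
! Probe each ISP gateway through its own interface
ip sla 1
 icmp-echo 203.0.113.1 source-interface FastEthernet0
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1 source-interface FastEthernet1
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Default: cable preferred, T1 as floating backup.
! Each route is withdrawn when its tracked probe fails.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10 track 2
!
! Replies from inside PPTP (TCP 1723 + GRE) and RDP (TCP 3389) servers
ip access-list extended VPN-RDP
 permit tcp 192.168.1.0 0.0.0.255 eq 1723 any
 permit gre 192.168.1.0 0.0.0.255 any
 permit tcp 192.168.1.0 0.0.0.255 eq 3389 any
!
! Policy route: use the T1 while track 2 is up,
! otherwise fall through to the normal routing table (cable)
route-map ISP-PREF permit 10
 match ip address VPN-RDP
 set ip next-hop verify-availability 198.51.100.1 10 track 2
!
interface Vlan1
 ip policy route-map ISP-PREF
!
! NAT to whichever WAN interface the packet actually leaves through
ip access-list extended NAT-INSIDE
 permit ip 192.168.1.0 0.0.0.255 any
route-map NAT-CABLE permit 10
 match ip address NAT-INSIDE
 match interface FastEthernet0
route-map NAT-T1 permit 10
 match ip address NAT-INSIDE
 match interface FastEthernet1
ip nat inside source route-map NAT-CABLE interface FastEthernet0 overload
ip nat inside source route-map NAT-T1 interface FastEthernet1 overload
```

Older 12.4 images use `ip sla monitor` with `type echo protocol ipIcmpEcho` and `track 1 rtr 1 reachability` in place of the forms shown. Probing only the ISP gateway detects a dead last hop but not an upstream outage, so a target beyond the ISP edge gives a more meaningful failover signal.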
