I designing a new network for the company.
-Core layer is Cat6509 with VSS
-FW Lauer: Cisco ASA 5540
-Switches: L2 Cisco 2960
What is the best plan to make this redundant to the Firewalls?
I have a fresh piece of 7606-S router, i am planning to install a new IOS ( 15.2.4S or 12.2.33-SRD8 ) SIP-200 / RSP720 moduls ... would ypu plese provides me a configuration guide for installing IOS for 7600 serise router.I have the image on TFTP server.
View 3 Replies View RelatedWe have WCS running 7.0.164.3...We had upgraded WLSE to WCS a few years back.
I am planning to upgrade WCS to 7.0.240.0... What is the procedure of upgrading WCS in this case? I am not quite sure about the procedure as our WCS was a WLSE before.
I have to propose/design a network system. It has 350 computer terminals/workstations out of which 300 of them are divided into two separate networks while the other 50 are to be on another network. So I assume I'd need 3 networks (or LANs) I guess (all connected ofcourse)So far I've inferred it needs a mail server, a file server, a print server, a DHCP server to assign IP addresses (C class and private ones ofcourse) and a web proxy server. Also I thought a fast Ethernet LAN network might be ideal here but I'm not quite sure on that (nor have I ascertained what sort of topology or hardware to use).
View 5 Replies View RelatedI planning to integrate cisco asa5505 device in runing enviornment for filter ip traffic.Internet ----router----ciscoasa----lan.Ip series is public(25.263.25.0/24) througout of network (no privateIP)now how do I set asa in such case and filter traffic from comming into lan and going out to internet.
View 5 Replies View RelatedI am planning to install and configure VSS (6509) switches. But the customer requires that the First Switch should be the main and the second Switch should act as a backup one. (Disaster Recovery).
Once the Main (Primary switch) DOWN the Secondary one should coming UP.But what I am understand in VSS concept the two switches will act as one Switch. And both of them will be UP in the same time.
Is there any solution to configure the both VSS switch as primary and standby switch to provide HA?
We are currently designing a complete Layer 3 to the edge solution for our customers. The network design is a combination of a collapsed core (Core to access) as well as a three layer model (Core/Distro/Access) for connectivity to the Data Centre, Internet and Wireless Blocks.
The core of the network contains two 6509E switches interconnected on a Layer 3 Port channel (no VSS). Access Layer switches (3750 Stacks) connect to the core switches over p2p routed links (Collapsed core part of the design). Distribution layer switches provide connectivity to the Data centre, Internet and Wireless Blocks.(three layer model.
All IP addressing is being planned for assignment from the private RFC 1918 address block(10.0.0.0/8) for both Infrastructure and Access layer VLANs for users.
Clarifications required for the following:
[code]...
I have configured Clientless SSL VPN for access to ASA 5540 internal network. Still I am unable to take ssh to my core switc [code]
View 5 Replies View RelatedI have a 5540, and i am trying to allow access to internet for an specific network object group, who has inside a bunch of users, who needs direct internet access without any restrictions, i have tried with dynamic NAT, but that configuration ask for a specific IP o a Network range, and is not permitted to configure an object group as a source
The group is located in LAN zone, so a permission from one zone to another zone is needed i think, but i can allow the internet acess to that group Is there another way to get that , different from NAT ?
When ever I create a network object in ASDM 6.0(3) the UI also wants to send the command 'asdm location (network object IP address)' to the device.What is the purpose of 'asdm locaction ....'? Is it telling the ASA-5540 that the IP address is allowed to connect to the device using ASDM?If that is the case why does 'asdm location xxx.xxx.xxx.xxx'get denerated for every network object I create?
View 3 Replies View Relatedwe've had an issue with our network, we have 2 6509 connected with redundancy, which are connected with 2 x 4900 Switches, from which are connected to a ESX Chassis for visualization, the thing is that the ESX stopped working, and the 4900 switches, and the main core were suffering from overload, they hang on it very well, in order to stop the overload, one of the links to the ESX Chassis were disconnected from one of the 4900 switches. The CPU usage from the 4900 and the core(6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this, maybe the virtual servers migrations, maybe the overload from the ESX ? We also had a few question, is there any need to reload the cores every few months as a planned task ? Because the cores have been up for more than 1 year. And also is there any kind of of tool to monitor the CPU status, or the status overall from the cores or the switches ?
View 3 Replies View RelatedI have a customer who is looking to add some redundancy to their internet connections. Currently we have an ASA 5510 for their firewall. I know that the Sonicwalls are capable of terminating multiple internet connections simultaneously for load balancing, redundancy, and for pushing different types of traffic out different connections. Traditionally the ASAs have not had that capability. But does anyone know if the newer revs (8.3 and I think 8.4 may be out?) will do that or anything similar? Not looking for a full BGP-style solution where the same address space is available via multiple links, but more just a solution where the internet for basic web browsing could fail over and load balance between two internet connections, each assigned to a different outside interface on the ASA.
View 7 Replies View RelatedI'm shortly going to move our stuff to a new data centre, where we have two network feeds - so there'll be two lengths of CAT 5 coming into the rack, for "first hop redundancy".I have something similar at our existing DC, but I'm simplifying the equation somewhat at the new DC, and using a simpler configuration that just uses two switches, rather than two switches and two routers. All of the servers will have public IP addresses.Now - the network guy at the new DC has confirmed that a simpler two switch configuration will work.
View 17 Replies View RelatedWe have cisco 1841 router with two ISP . But we facing the problem whenever our secondary ISP Link goes down the Primary has also went down.We have only one default route for primary Link
View 1 Replies View RelatedI have a question with regards to 6500 Redundancy. We currently have only one in our DC, it has 2 SUP 720s, two FWSMS, and multiple switchport blades. My question is is this fully redundant? and if not what is it that can fail, so I can look into adding that extra layer of redundancy.
View 3 Replies View RelatedI have a 4510R+E switch that won't change to the SSO redundancy mode. After entering the 'mode SSO' command, the switch reboots the peer supervisor (as it says it will), but after it comes back up it remains in RPR mode. I've tried rebooting the peer supervisor manually, rebooting the entire chassis, manually power cycling the entire chassis, and reseating the sups, but the switch remains in RPR mode. The issue started when I swapped the switch's supervisor with the supervisor of another 4500. The same issue was observed on the other 4500 as well, but after several reboots, I got it to change to SSO mode. Prior to the swap, both switches were running in SSO mode just fine.Since we're running IOS version 15.0 with the 'spare sup' license, I suspect the issue arose because of licensing complications (with relation to the chassis serial number and the like) when I swapped the sups....although this doesn't explain why the other switch changed to SSO after some troubleshooting.
View 1 Replies View RelatedI have problems with the RV042 router. Currently I have two Internet service is the first DSL service and the other is through cable. The problem is because the router is not doing the redundancy process. For example if DSL service fails, the cable internet service does not come automatically. You have to disconnect and connect manually to maintain the connection to the Internet. Should not the router do this automatically without intervention?
View 1 Replies View RelatedWe currently have the following configuration:
STB_6509#sho mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 10 WiSM WLAN Service Module WS-SVC-WISM-1-K9
2 24 CEF720 24 port 1000mb SFP WS-X6724-SFP
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B
[code]....
I would like to add a redundant supervisor blade to the 6509 that is in production. Can this be done plug and play and require no reload. Are all WS-SUP720-3B the same as far as memory etc... or can I buy any used WS-SUP720-3B and it will work properly.
Can the above be used to provide redundancy. However there is only one ISP side connected? Of course we can set up both with exact same rules and use a Manual power on/off if?
View 2 Replies View RelatedFirst and foremost, what I have are 2 x 7204VXR (Gateways), 1 x 4507R-E (Coreswitch), and our ISP have 7609.Got some issues with redundancy with our ISP.
7609
I I
I I
7204-A 7204-B
| |
| vrrp |
| |
-4507R-E-
|
|
internal network
Both outside interfaces of 7204 gateways are connecting to 7609 with different public ip block. I used VRRP for my internal nework and failover have been tested working.
Even tried to remove link of 7204-A and 7609, the failover works perfect. If I shutdown/ remove the link between my 4507R-E and 7204-A (primary gw_higher vrrp priority), vrrp redundancy/failover still works, but pings from internal network to internet is only 50% success....alternate 4 ping reply and 4 time out.
i have a 6509 connected via layer 2 (VLAN1) to a 3750 (e.g. VLAN1 10.1.1.1)then to the HQ via Metroethernet(L3). Is it possible to connect the 6509 to an ASA that already has VPN connectivity to the HQ using HSRP? Also need to mention, the VPN connection is supposed to be the redundant connection if Metroethernet link fails.
View 3 Replies View RelatedWe will be getting a circuit from the same ISP at two of our sites and will be doing eBGP. Couple of notes. 1. We are fully aware of the risks associated with depending on a single ISP and have mitigated them as much as possible with the ISP. 2. We will be getting assistance on the eBGP setup from the ISP, so I’m not as concerned with that config at this point.
Site Summary
Site A:Cisco 2900 Series (RtrA) connected to single Ethernet based ISP circuit (ISP-1-A)eBGP will run between RtrA and ISP-1-A, default routes from provider onlyLayer 2 Switch (SwA) connected to LAN of RtrA and uplinks to SwB
Site B:Cisco 2900 Series (RtrB) connected to single Ethernet based ISP circuit (ISP-1-B)eBGP will run between RtrB and ISP-1-B, default routes from provider onlyLayer 2 Switch (SwB) connected to LAN of RtrB and uplinks to SwA
I need advise on the LAN side redundancy. Our goal is redundancy; load balancing is not a concern (If load balancing ever becomes a concern I will look at GLBP). We have several devices on the LAN side of the routers that can only use a single gateway. Given that I’ve surmised I need to use HSRP in some way for LAN gateway redundancy.
1. HSRP with Object Tracking, No IGP.HSRP handles LAN gateway failover if a router dies. Object tracking ensures LAN gateway failover if an interface fails or if an interface is up, but there is an upstream traffic issue. ie. track the physical WAN interface and use an IP SLA icmp to track a specific upstream IP incase of an upstream traffic issue.
2. HSRP with OSPFHSRP handles LAN gateway failover if a router dies. OSPF redistributes eBGP default routes to RtrA and RtrB so that each router should have a route to the ISP even if they loose their local ISP circuit. i.e if ISP-1-A on Router A goes down, Router A knows to send traffic out ISP-1-B via RtrB. In other words, traffic enters RtrA LAN, but exits on RtrB WAN.
3. HSRP with iBGP HSRP handles LAN gateway failover if a router dies. I have no experience with BGP, but assuming this would work similar to the OSPF solution above except for the required iBGP config and possible route reflectors?
I'm new to firewall using ASA 5510. How can I have a redundancy over two ASA 5510. Hardware load balancing and IP Load balancing, just like HSRP or GLBP. Below is my diagram.
[code]....
Two internet links from different SP using different routers an firewalls connected to a 6513. I need to use these two links as primary and secondary (the secondary will be used just if the primary fails) for just two specific machines and 6513 have to be responsible for jusing between primary and secondary link. The rest of the network have to use just the primary link.
View 5 Replies View Relatedwhich option do you think is better? The idea is to use them as the core of the network,to route between several VLANs.
Options:
1 - Two 3560 with HSRP
2 - Two 3750 stacked with cross-stack etherchannel to the access switches
[URL]I ran across this on the cisco site and I wondering if it was possiable with two 2851's? The part that is most interesting to me is this part of the config (this looks like what allows the use of the y-cable)
redundancy
#
mode y-cable
how to have a redundant border router with a T1
actually im using a cisco asa 5520 as a default gateway to acessin/ publishing in the wan. i have a cisco 2811 configured to replace the cisco asa in a case of problem, but the switch is made manually. my lan switch is a 2 3560e configured with hsrp, so it is possible to make redendancy( failover) between the cisco ASA 5520 and the cisco 2811 using a hsrp or other technic.
View 11 Replies View RelatedI have supervisor engine ws-x4516 with two line card WS-X4424 - GB - RJ45 - 1No ,WS-X4548 - GB - RJ45 - 1No. Now i want switch and hardware redundancy.
View 3 Replies View RelatedWe currently have a 4404 controller that is approaching 100 AP’s (their max). The boss would like to add redundancy into the project. Which leaves me with a lot of questions and I am fairly new to cisco WLAN controllers.While a second 4404 would cover for redundancy would that be true if the AP’s pass the 100 mark?If I get a bigger controller that can support more than 100 (5508?)can the existing 4404 still work in the plan as a backup?Or do I just need to purchase two bigger units and auction off the 4404?
View 3 Replies View RelatedI will be installing a new ASA 5510 firewall on our SIP vlan to separate our voice traffic from the rest of the traffic. I'm trying to decide whether or not I should go with an active/active setup or an active/standby. Any insight on the best way to set this up? This install is going in from scratch, and I am going to be connecting to a 3750 switch stack. Should I pair up a link from each switch to each 5510 using etherchannels? Should I use 8.3 or 8.4? Most of the docs I've been able to find say it depends on this, that, or the other.
View 2 Replies View RelatedWe are going to implement high availabilty in 5508 WLC with version of 7.3.101 . We will be using Prime infrastructure 1.2 for monitoring purpose.With Prime, whether we can monitor and manage redundant WLC also or only active WLC?.
View 3 Replies View RelatedGot a situation where Location_A got TWO ISP and Location_B got One ISP.Using ISP 1 link Location_A establishes IPSEC Tunnel with Location_B .How do I establish redundancy from Location_A point of view, if ISP1 is down then ISP2 should establish IPSEC tunnel with Location_B.At Location_A both ISP links terminates on the cisco PIX-525 and all (VPN) crypto configuration is on PIX 525 running version PIX Version 7.2(4)7At Location_B VPN is terminated on a PIX Version 6.3(3).
View 2 Replies View RelatedI have a question about my ACS redundancy deployment. I bought three ACS all of them came with base license. but i bought large deployment license my question is necesary to buy the large deployment license to add two seconday ACS to my Primary ACS ? now if I install the large deployment in my primary ACS it replique to other ACS or I have to install first the large deployment one by one (secondary ACS) before to join to the Primary ACS.
View 1 Replies View Related