cisco routing help with multiple gateways..

Status
Not open for further replies.

laone06

IS-IT--Management
May 29, 2009
3
US
Hi,
I'm new to cisco routers.. I'm considering Cisco 2851 router to setup load sharing/balancing and mail server redundancy. any help/suggestions will be helpful.. here is the scenario (all ips are imaginary)..

we've 2 data connections from 2 different ISPs.
74.2.190.55 - 3mbps bonded t1
74.206.18.33 - 1.5mbps t1

I'm trying to accomplish following for each case -

1. exchange 2007 mail server - 192.168.1.236
mx records -
ex1.website.com(74.2.190.55) 10
ex2.website.com(74.206.18.33) 20

map smtp of both ips to 192.168.1.236. if server receives connection/session from mail1 ip then response goes out to mail1 ip. and if smtp connection from mail2 ip is received, the response/session goes out that way.

we're also using port 587, imaps, imap. no pop

2. iis - 192.168.1.236
ex1.website.com(74.2.190.55)
ex2.website.com(74.206.18.33)
activesync, autodiscover, address book, web access, etc.
all are accessible via ssl/tls only.

all incoming traffic should respond to correct path


3. iis web server - 192.168.1.234
- 74.2.190.55,
- 74.206.18.33
both external ip's are mapped to same server. this is an ecommerce server... so there is ssl element as well.

again, all incoming traffic should respond to correct path.

4. around 15 users using internet. first preference is automatic load balancing and also compensate for unequal bandwidth. 2nd would be to define groups and assign them a default gateway and use failover.
i'm also concerned about ssl connections, vpn to remote servers, etc if packet to packet balancing is used.


Questions:
a. can I accomplish above in ios. if so, can someone help me with ios? or direct me to right path?
b. is cisco 2851 good for the job? any other options? I saw peplink 380 that can do everything i need.
c. what are my options for equipment failure? can i setup a second cisco 2851 and somehow setup failover. peplink has a protocol to accomplish this.

cisco experts.. please advise!

Thanks
vick
 
so going with two routers will be best that way you eliminate the single point of failure if the physical router goes down. now, in terms of your Internet connections you should make sure that they are truly diverse (i.e. use different carriers for the last mile and have different entry points into your building) otherwise if you have a fiber cut you could still potentially be out of commission. if you are familiar with BGP you could multihome your two connections, but you'll also need to check with your carriers to make sure that they will accept routes from the other. the setup you are suggesting using the multiple IP's COULD work but it may not be reliable. as for having multiple internal gateways you could run a protocol such as HSRP, VRRP, or GLBP that will provide redundancy. in terms of the router selection it really depends on whether you are planning to use multiples and what features you plan to implement. if you use multiples the 2851 may be overkill and you could instead go with 2801's or something smaller (and cheaper).

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
thanks for quick reply.
The connections are diverse. we recently experienced a major outage on our 3meg line because of multiple fiber cuts. our 1.5 line was working great (however, everything is manual right now.. 2 different dlink dfl300 routers.. i have to manually change gateways at each server. and our dhcp only has 1 default gateway. our it department manually changes gateway on their computers to use other gateway).

so are you saying i can use 2 physical routers and setup 1 as failover.. if so how? i checked peplink, they somehow use VRRP.

we use Covad and Telepacific as our two carriers. I don't think BGP is possible since the two carriers probably won't work together.

I'm only minimally familiar with the inner workings of protocols you have listed above since i haven't worked in ciscos before.. but i'm an electrical engineer.. so you can throw anything at me.. i'll try to absorb.. i also found EBGP while googling for load balancing for unequal bandwidth.. any insight on that?

I need to accomplish exactly what I posted in my original post. can you tell case by case basis if everything is possible, what are my options for implementation and some leads.

Additionally, I'm also planning on using an autofailover dns service that will automatically change ip of main domain names to our 2nd isp. while propagation happens, our second domain ( will be fully operational.

thanks
 
I wouldn't be too sure that the ISPs would not work together. If they don't, go find someone who will. Most ISPs will work together for redundant links.
 
You would have to statically NAT the mail server to two different ports...

ip nat inside source static tcp 192.168.1.236 25 74.2.190.55 25

ip nat inside source static tcp 192.168.1.236 2525 74.206.18.33 2525

Just do the same for 2 and 3, whatever ports (80, 443 for HTTP/HTTPS, or 8080, 21, 2121, etc. and whatever else). You can also inform PAM of the different ports...

sh port-map

That is if you are using CBAC and the IOS Firewall.
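
Added example, not part of the thread or any poster's code: a short Python audit that parses static port-forward lines of the form quoted above and compares what they publish on each ISP address with the mail ports listed in the original question. The expected-exposure table (`EXPECTED`, `MAIL_PORTS`) is an assumption built from that question; the config text is the two entries from the reply.

```python
import re

# Port-forward form used in the post:
#   ip nat inside source static tcp <inside-ip> <inside-port> <outside-ip> <outside-port>
NAT_RE = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+)\b"
)

# The two static entries quoted in the thread.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.1.236 25 74.2.190.55 25
ip nat inside source static tcp 192.168.1.236 2525 74.206.18.33 2525
"""

MAIL_SERVER = "192.168.1.236"
OUTSIDE_IPS = ("74.2.190.55", "74.206.18.33")
# Assumption: ports taken from the question (smtp, 587, imap, imaps).
MAIL_PORTS = (25, 587, 143, 993)
EXPECTED = {(ip, port): MAIL_SERVER for ip in OUTSIDE_IPS for port in MAIL_PORTS}


def parse_static_nat(config_text):
    """Return {(outside_ip, outside_port): (inside_ip, inside_port)} for TCP entries."""
    published = {}
    for line in config_text.splitlines():
        m = NAT_RE.match(line)
        if m and m.group(1) == "tcp":
            _, in_ip, in_port, out_ip, out_port = m.groups()
            published[(out_ip, int(out_port))] = (in_ip, int(in_port))
    return published


def audit(config_text, expected):
    """Compare published port-forwards with the intended exposure.

    Returns (missing, unexpected): expected pairs with no matching entry, and
    published pairs nobody listed as intended.
    """
    published = parse_static_nat(config_text)
    missing = sorted(k for k, in_ip in expected.items()
                     if published.get(k, (None, None))[0] != in_ip)
    unexpected = sorted(k for k in published if k not in expected)
    return missing, unexpected


if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE_CONFIG, EXPECTED)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

Run against a saved copy of the router's configuration, the `unexpected` list is the part worth reviewing first: every entry there is an inbound port open to the Internet that nobody listed as intended.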
