HSRP question

[spivy66]

current setup 100mbps data line ip nw 1.1.1.1/27 ( for argument sake) very simple cisco 1800 provided by ISP

Scenario: i'm getting a another 100mbps line for fail-over/ HA . the ISP is giving me 2.2.2.2/30 & 3.3.3.3/29

Problem/Question: If i do this i will have to get two cisco 2900's and manage myself. I have over 100 ipsec tunnels setup using main mode static. Will i be able to setup HSRP/GLBP and always ensure ip 1.1.1.x is always be active and show as the public IP even if one of my 2900's go down? I don't think that's possible, but just asking? I can setup bgp4 with two subnets but can i ensure the 1.1.1.x ip will be the active one at all times. I'm not even sure HSRP and handle two separate subnets let alone GLBP.


MY IDEA: Have the ISP run the new like but use extra ip's from the 1.1.1.1/27 nw and setup HSRP/GLBP this way i knnow for sure i can use a ip on 1. nw and it will always be active even if i loose one of my routers ( of course depending on how HSRP or GLBP is set up)


YOUR ADVISE WOULD BE VERY HELPFUL!
THANKS

 

[burtsbees]

Diverse or same ISP?

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY

 

[spivy66]

Hello Burtsbees, thanks for the reply.

its the same ip. here my issues, i'll explain this this a little better.

Ok so this is what the new setup is going to look like,but I'm not sure how to set it up to ensure my tunnels don't drop if i loose a router and most of all i need my gw ip to stay at 1.1.1.1 becuse all my dmz hosts are hard coded to that ip address.

Can i disregard using the 4.x ip block and use extra ips from the 3.x block for the other router so i can share the 1.1.1.1 ip from both routers. This way my gateway will never change, thanks again

 

[spivy66]

sorry i cant upload the pic, i dont see an option here and i dont have a web linki can attach it to. i'll see what eles i can do

 

[spivy66]

current setup 100mbps data line ip nw 1.1.1.1/27 ( for argument sake) very simple cisco 1800 provided by ISP

Scenario: I'm getting a another 100mbps line for fail-over/ HA . the ISP is giving me 2.2.2.2/30 & 3.3.3.3/29


how do i attached a file in this post?

 

[imbadatthis]

that or if you are using multiple routes, why not setup a dynamic routing protocol between these and your gateway (assuming they are not on the same device) and then advertise routes accordingly ?

if your gateway is on the same device, then setup two vrfs, one that has all the external addresses, setup another vrf where your internal network resides, and either use VASIs to interconnect the VRFs or use a switch to do a loop back in same VLAN and same Subnet can reside on two different vrfs.

so it would be

vrf1 --> switch <-- vrf2

port-channel 1.xx
vrf forwarding vrf1
encapsulation dot1q vlan xx
ip address 10.1.1.1/30

port-channel 2.xx
vrf forwarding vrf2
encapsulation dot1q vlan xx
ip address 10.1.1.2/30

configure eigrp between the two sub interfaces, and inject a default route accordingly into your internal vrf..

i'd still say use VASIs or use your option 1 if your ISP is willing to allow it.
from the sounds of it however they are NOT, so you are stuck with running dynamic routing protocl between your edge routers and whatever is serving internal..



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.