smben20s04l04
TRANSCRIPT
-
7/28/2019 SMBEN20S04L04
1/14
2008 Cisco Systems, Inc. All rights reserved. SMBEN v2.04-1
Cisco Secure Network Foundation Smart Designs
High Availability Design
-
Overview
Upon completing this lesson, you will be able to identify features and components involved in redundancy, and wireless Smart Designs.
This ability includes being able to meet these objectives:
Recall high availability objectives as outlined in the Smart Design Architecture Guide
Describe the Main Office Integrated model which supports high availability
Describe the Main Office Hybrid model which supports redundancy
-
High Availability
-
High Availability Objectives
To eliminate the following types of failures:
WAN link failure at the main office
WAN link failure at the branch office
WAN router failure at the main office
Main office Cisco ASA (firewall) failure
Main office aggregation switch failure
Aggregation switch to WAN router link failure
Aggregation switch to access switch link failure
Aggregation switch to Cisco ASA link failure
Inter-aggregation switch link failure
-
Main Office Integrated Topology with High Availability
[Figure: Main Office Integrated topology. Labels: Main Office; WAN and Internet; primary WAN router and secondary WAN router (interfaces Gi0/0, Gi0/1, Fa01/0); primary aggregation switch and secondary aggregation switch; access switch 1 (3560) and access switch 2 (3560); DMZ VLAN; DMZ; DMZ servers (e.g., HTTP).]
-
High Availability Topology Characteristics: Integrated Topology
Characteristic | WAN Link | WAN Router | Aggregation Switch | Access Switch and Servers
Redundancy | Yes | Yes | Yes | No
Split tunnel [1] | Yes | NA | NA | NA
Technology used for redundancy | Dynamic routing | Dynamic routing | HSRP | Dual Ethernet Links
L3/L2 (user traffic) forwarding: L3, L3/L2, L2
DMVPN Hub: Yes
Easy VPN Gateway: Yes
SSL VPN Gateway: Yes
Firewall: Yes
IPS (Optional): Yes
Multicast (Optional): Yes, Yes, Yes
[1] The same WAN interface can carry encrypted traffic to other business locations as well as unencrypted traffic to the Internet.
-
Main Office Hybrid Topology with High Availability
[Figure: Main Office Hybrid topology. Labels: Internet; primary WAN router and secondary WAN router; Switch A and Switch B; primary ASA 5510 and secondary ASA 5510 (E0/1, failover link, SSM mgmt); primary aggregation switch and secondary aggregation switch (EtherChannel); access switches (3560); DMZ; DMZ VLAN; Fast Ethernet and GB Ethernet links.]
Routing protocol (EIGRP or OSPF) provides redundancy between Layer 3 network devices
HSRP provides redundant default gateway to clients
-
Main Office High Availability in Hybrid Model: Active-Standby Cisco ASA
Recommended Topology
[Figure: WAN Router 1 (EIGRP/OSPF) and WAN Router 2 (EIGRP/OSPF); Switch A and Switch B; ASA 1 (EIGRP/OSPF) and ASA 2 (EIGRP/OSPF); Switch C; Aggregation Switch 1 and Aggregation Switch 2.]
ASAs monitor each other's outside interfaces via Switch A and Switch B
ASAs monitor each other and send state information via Switch C
ASAs monitor each other's inside interfaces via Aggregation Switch 1 and Switch 2
-
High Availability Topology Characteristics: Hybrid Topology
Characteristic | WAN Link | WAN Router | Cisco ASA | Aggregation Switch | Access Switch and Servers
Redundancy | Yes | Yes | Yes | Yes | No
Redundancy technology | Dynamic routing | Dynamic routing | Active Standby | HSRP | Dual Ethernet Links
Split tunnel [1]: Yes
L3/L2 (user traffic) forwarding: L3, L3, L3/L2, L2
DMVPN Hub: Yes
Easy VPN Gateway: Yes
SSL VPN Gateway: Yes
Firewall: Yes
IPS (Optional): Yes
[1] The same WAN interface can carry encrypted traffic to other business locations as well as unencrypted traffic to the Internet.
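Added example (not part of the Cisco course material): a single-point-of-failure check that tests the failure types listed under High Availability Objectives against a model of the hybrid topology. The node names and the adjacency list are assumptions inferred from the slide labels, and the model checks path existence only, not failover timing or ASA state replication.

```python
from collections import deque

# Constructed adjacency list for the hybrid main office (assumed from slide labels).
LINKS = [
    ("WAN", "R1"), ("WAN", "R2"),            # one WAN link per WAN router
    ("R1", "SwA"), ("R2", "SwB"), ("SwA", "SwB"),
    ("SwA", "ASA1"), ("SwB", "ASA2"),        # ASA outside interfaces
    ("ASA1", "Agg1"), ("ASA2", "Agg2"),      # ASA inside interfaces
    ("Agg1", "Agg2"),                        # inter-aggregation switch link
    ("Agg1", "Acc1"), ("Agg2", "Acc1"),      # dual Ethernet uplinks from access switch
]

def reachable(links, src, dst):
    """Breadth-first search: is there any path from src to dst over links?"""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(links, src, dst):
    """Return devices and links whose individual loss cuts src off from dst."""
    spofs = []
    nodes = {n for link in links for n in link} - {src, dst}
    for node in sorted(nodes):
        if not reachable([l for l in links if node not in l], src, dst):
            spofs.append(("device", node))
    for link in links:
        if not reachable([l for l in links if l != link], src, dst):
            spofs.append(("link", link))
    return spofs

if __name__ == "__main__":
    # Access switch to WAN: every listed single failure leaves a working path.
    print(single_points_of_failure(LINKS, "Acc1", "WAN"))
    # A single-homed host: the access switch and its port are the remaining gaps,
    # matching "Redundancy: No" for the access switch and servers column.
    print(single_points_of_failure(LINKS + [("Acc1", "Host")], "Host", "WAN"))
```
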
-
Q&A
-
Lesson Summary
The Cisco Smart Design Architecture Framework supports high availability, and helps to minimize network failures.
The Smart Design Main Office Integrated topology supports high availability.
The Smart Design Main Office Hybrid topology supports redundancy.
-
Module Summary
The Cisco Smart Designs are tools used to create secure networking infrastructure, wireless LAN, and IP telephony systems that are effective, flexible, and validated network-based solutions.
Main Office with ISR can be customized to meet specific customer needs.
The Main Office Hybrid model is similar to the Integrated model except that it uses a dedicated firewall appliance (Cisco ASA) for offloading the firewall functionality from the WAN router.
The Smart Design Architecture Framework supports high availability and minimizes many types of network failures.