Channel: General Networking

Planning our WAN


Hey everyone,

As part of our outage planning, we're taking a look at our networking. At our main location we have a Cisco 1921 router set up with a full mesh DMVPN with two of our branches running Cisco 881 routers. We have 5 other locations that are connected to the main site through tunnels maintained by another company on a Cisco 1841 (working on changing that, if my network runs ok) plus we have two ESXi servers and a Cisco VPN 3000 Concentrator, all are connected to a DMZ switch.

What I'd like to do is put another internet connection at the main site, and use that as a backup. Our current network setup at the main site is attached (excluding the LAN setup).

What I'm wondering is how would we fail over the internet connection with the current config? My guess is that it's too complicated of a setup for that, because there is no one gateway.

I'm thinking at the very least I should put the DMZ switch behind a firewall to aggregate all the edge devices. There isn't really a reason why we have so many devices on the edge, using so many public IPs, I just haven't gotten around to cleaning it up. I'm guessing that if I want all devices to come back online during a failover, they'd need to go through one point at least and one IP at best (or each device would need to know how to fail over to an alternate IP).

Another question is should I even be doing a DMVPN between sites with this 1941? I know it can handle it, but then we really should be piping everything else (ESXi servers, concentrator) through it as well so that everything stays operational during an outage. Problem with the 1941 is that it only has two ports and one needs to connect to the LAN, so there isn't a spot to hook up a secondary ISP anyways... Do I put a switch in front of the router, with two ISPs hooked up to it? I was looking at using something like a Peplink or a Mushroom Networks box to handle the failover but then how would that fit in with this whole equation? Wouldn't those be the VPN endpoints, and then I'd end up having to have one of those boxes at each site or something?

If anyone has some pointers or some good guides on this... I'd be eternally grateful!!

