You could look at the Stateful NAT feature for NAT table sync across multiple devices. http://www.cisco.com/en/US/products/ps6600/products_white_paper09186a0080118b04.shtml
As far as I know, though, there is no equivalent feature for IOS stateful firewall (ZFW or CBAC). So if you're doing anything beyond basic ACLs and NAT for firewalling (hopefully you are) you will still have session breakage during a failover event. The ASA active/standby feature is much more tightly integrated than two IOS routers. You could still accomplish device redundancy by using two routers with a FHRP and a switch to split off the incoming ISP link (assuming Ethernet handoff) as others have mentioned, and you could also put a pair of active/standby ASAs behind the router pair to provide you redundancy at the routing layer and stateful failover of firewall/NAT/VPN function. You could build a 2N design all the way from the routers back, and in front of the routers have a single switch (dual buys you nothing other than a warm standby) with the ISP link into it. On Sun, Jan 1, 2012 at 2:24 PM, Imran Ali <[email protected]> wrote: > Marc abel , > > you are spot on ! > > but does i think this is going to be state less failover ? > > > is their a way to NAT synchronisaiton ? > > On Sun, Jan 1, 2012 at 10:15 PM, marc abel <[email protected]> wrote: > > > Plug your uplink and the interaces from the routers into a switch in the > > same vlan. Use hsrp. You still will have a single point of failure. > Unless > > your provider provides dual hand offs. In this case plug each uplink and > 1 > > router into seperate switches and trunk them together. > > On Jan 1, 2012 12:50 PM, "Imran Ali" <[email protected]> wrote: > > > >> Hi all, > >> > >> i have only one uplink and my boss wants to implement redundancy of > >> routers . > >> > >> > >> if one router fails other should take over . HSRP , vrrp and GLBP all > >> required dual links . but i want to achieve hardware redundancy and not > >> link redundancy . is this possible ? > >> > >> > >> the same can be achieved with asa in active and stanby mode .....but > we > >> have routers instead of ASA. > >> > >> Any idea , expert can guide me ? > >> _______________________________________________ > >> For more information regarding industry leading CCIE Lab training, > please > >> visit www.ipexpert.com > >> > >> Are you a CCNP or CCIE and looking for a job? Check out > >> www.PlatinumPlacement.com > >> > >> http://onlinestudylist.com/mailman/listinfo/ccie_rs > >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
